PROTECTING  PDAs 

Companies  are  gaining  the  means  to 
encrypt  employees’  mobile  data,  page  53 


ON  THE  MARK 

$100  million  worth  of  ERP  software  is  being  given 
away  to  800  companies,  says  Mark  Hall,  paoe  8 
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London  Attacks 
Raise  Concerns  of 
U.S.  Vulnerability 

Lack  of  ftinding,  failure  to  commit  to  better 
security  make  transit  systems  prime  targets 


BY  JAIKUMAR  VIJAYAN 

Last  week’s  terrorist  attacks 
on  the  rail  and  bus  systems 
in  London  highlighted  both 
the  vulnerability  of  the 
U.S.  rail  system  and  the 
enormous  IT  challenge 
involved  in  defending 
it,  security  and  terror¬ 
ism  experts  said. 

Nearly  four  years  af¬ 
ter  the  9/11  terrorist  attacks 
and  about  16  months  after  the 
Madrid  train  bombings  that 


killed  191  people,  U.S.  com¬ 
muter  rail  systems  remain 
dangerously  vulnerable  due  to 
a  lack  of  funding  and  a  failure 
to  commit  to  securing 
them,  experts  said.  At 
the  same  time,  the 
open  nature  of  public 
transit  systems  makes 
them  extremely  diffi¬ 
cult  to  defend. 

“London  far  and  away  has 
been  the  best-prepared  juris- 
London,  page  16 


Locating  victims 
via  cell  phones 
would  be  difficult 
in  the  U.S. 

PAGE  16 


Last  week’s  attacks  in  London,  including  the  bombing  of  a 
double-decker  bus,  highlight  security  challenges  that  extend  to  the  U.S. 
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Some  companies  have  piled 
on  as  many  as  five  levels  of 
defense  to  keep  viruses, 
adware,  spam  and  spyware 
out  of  corporate  e-mail  net¬ 
works.  Check  out  the  latest 
strategies  for  blocking 
malware.  Page  25 


New  Battle  Brews  Over  UCITA, 
Software  Licensing  Terms 


Some  users  worry 
that  act  could  be  cited 
by  default  in  courts 

BY  PATRICK  THIBODEAU 

A  new  legislative  battle  is 
looming  over  the  controver¬ 
sial  UCITA  software  licensing 
law.  But  this  time,  it’s  software 
users,  not  vendors,  who  are 
poised  to  attack. 

The  push  for  state-by-state 


adoption  of  the  Uniform  Com¬ 
puter  Information  Transac¬ 
tions  Act  was  abandoned 
nearly  two  years  ago  because 
of  widespread  opposition 
[QuickLink  40364].  But  the 
group  of  software  users  that 
led  that  opposition  has  since 
been  quietly  drafting  its  own 
model  software-licensing  law. 
Its  concern  is  that  courts  may 
use  UCITA  as  a  reference 
point  in  legal  disputes,  giving 


vendors  a  victory  through  the 
legal  system  that  they  couldn’t 
gain  in  state  legislatures. 

“That  battle  against  UCITA 
is  still  going  on;  it’s  just  taken 
another  form,”  said  Riva  Kin- 
stlick,  vice  president  of  gov¬ 
ernment  relations  at  Pruden¬ 
tial  Financial  in  Newark,  N.J. 
“People  are  starting  to  be  con- 
UCITA,  page  53 


ONLINE:.  Fpt  comprehensive 
background  information,  vigour  UCITA  : 
special  coverage  page:  •  . 
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We’re  inspired  by  the  human  side  of  data.  Digital  music  is  more  than  just  files.  It’s  a  better 
mood,  her  personal  soundtrack,  or  enough  head-banging  rock  to  keep  her  on  pace.  That’s  why 
high-capacity  Hitachi  hard  disk  drives  are  the  industry  choice  for  MP3  players,  and  runners 
alike.  From  the  smallest  Microdrive®  to  the  largest  SAN  solution,  Data  Storage  from  Hitachi. 
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You  can't  afford  not  to  buy  an  HP  printer. 


HP  Deskjet  6540  Color  Inkjet  Printer 

•  Print  speed:  up  to  30  ppm  black,  20  ppm  color 

•  Resolution:  up  to  4800  x  1200  dpi  optimized 
with  HP  PhotoREt  III 

•  Paper  handling:  150-sheet  input  capacity 

•  Dual  USB  ports 

•  1 -year  limited  warranty 


HP  Officejet  6210  All-in-One 

•  Print  and  copy  speed:  up  to  23  ppm  black, 
18  ppm  color 

•  Print  resolution:  4800  x  1200  dpi  optimized 

•  Scan  resolution:  19,200  dpi  enhanced  and 
48-bit  color 

•  Direct  photo  printing  with  PictBridge 

•  1  -year  limited  warranty 


HP  Officejet  7210  All-in-One 

•  Print  and  copy  speed:  up  to  30  ppm  black,  20  ppm  color 

•  Print  resolution:  4800  x  1200  dpi  optimized 

•  Scan  resolution:  2400  x  4800  dpi  optical  with  48-bit  color 

•  Direct  photo  printing  with  PictBridge  and  integrated 
memory  card  slots 

•  USB  and  Ethernet  ports 

•  1-year  limited  warranty 


PRINTER 
COW  680810 


PRINTER 
CDW  680780 


PRINTER 
CDW  737818 


HP,  AWARD  CARD 
AVAILABLE1 


HP  AWARD  CARD 
AVAILABLE1 


HP  AWARD  CARD 
AVAILABLE 


With  some  printers,  you  can  only  order  cartridges  from  the  manufacturer.  With  an  HP  printer  or  All-in-One, 
you  can  get  cartridges  from  CDW, or  anywhere  that  sells  them.  And  that's  just  one  of  the  ways  HP  saves  you  now  and 
for  years  to  come.  Get  the  printer  and  supplies  you  need.  Get  an  HP  printer  from  CDW. 


The  Right  Technology.  Right  Away. 

CDW.com  •  800.399.4CDW 
In  Canada,  call  800.387.2173  •  CDW.ca 


Cal!  your  CDW  account  manager  about  HP  Gift  Car’d  rnail-ih  offer;  offer  valid  from  6/20/05-7/20/05.  Offer  subject  to  COW'S  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©2005  CDW  Corporation 
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Big-Time  Storage  on  the  Cheap 

In  the  Technology  section:  An  increase  in 
functionality  and  a  drop  in  component 
prices  is  making  midrange  storage  net¬ 
works  a  bargain,  say  IT  leaders  such  as 
Ameritrade  CIO  Asiff  Hirji.  Page  28 
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After  the  Fact 


In  the  Management  section:  “Postgame”  analy¬ 
sis  of  IT  projects  has  never  been  popular,  and 
tight  budgets  make  it  less  so,  but  companies 
that  make  the  effort  say  having  key  players 
weigh  in  is  well  worth  it.  Page  39 
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6  A  wireless  project  for  CSX’s 

truck  drivers  delivers  sub¬ 
stantial  ROI. 

6  Hybrid  discovery  tools  mix 

active  and  passive  detection. 

7  A  Florida  county  violates  a 
state  e-voting  law  by  refusing 
to  buy  specialized  voting 
machines. 

7  A  rocky  PeopleSoft  ERP  roll¬ 
out  leads  to  underwhelming 
financial  results  for  GTSI,  a 
government  IT  products  and 
services  provider. 

10  A  new  health  care  deal  is 

struck  to  develop  a  system  for 
administering  patients’  med¬ 
ications. 

10  Good  Technology  makes  a 
move  in  the  wireless  market 
by  offering  support  for 
Microsoft  smart  phones 
and  Lotus  Notes. 

12  Q&A:  The  founders  of  Sea- 
Code,  a  start-up  that  will  offer 
floating  offshore  IT  services, 
discuss  their  business  model 
and  what  life  will  be  like  for 
their  seafaring  employees. 

12  Microsoft  courts  midsize 
companies  with  a  Windows 
Server  System  promotion. 

14  Global  Dispatches:  The  Euro¬ 
pean  Parliament  overwhelm¬ 
ingly  defeats  a  software 
patents  bill. 

14  Oracle  plucks  another  retail 
industry  software  firm,  and 
this  time,  it’s  profit  optimiza¬ 
tion  vendor  ProfitLogic. 


25  Protective  Layers.  Although 
technologies  for  fighting  mal¬ 
ware  are  improving,  no  single 
strategy  is  enough  to  safe¬ 
guard  IT  systems.  As  a  result, 
companies  are  layering  on 
multiple  defenses. 

32  Security  Manager’s  Journal: 
IDS  Pays  Off,  Even  if  There’s 
No  Hacking.  The  intrusion- 
detection  system  that  Mathias 
Thurman’s  company  uses 
shows  its  value  when  the 
security  team  sets  out  to 
mitigate  the  effects  of  a 
nasty  worm. 

34  QuickStudy:  AJAX.  Asynchro¬ 
nous  JavaScript  and  XML  is 
an  approach  to  developing 
Web  applications  in  which 
client  Web  pages  are  modified 
incrementally  rather  than  be¬ 
ing  replaced  entirely  every 
time  an  update  is  necessary. 

MANAGEMENT 

42  IT  Mentor:  Grass-Roots 
Governance.  The  discre¬ 
tionary  budget  can  be  a 
treacherous  territory  with 
no  rules,  no  winners  and  lots 
of  hard  feelings  between  IT 
and  business.  John  Sullivan 
of  Reynolds  and  Reynolds 
tells  how  his  group  got  a 
handle  on  it. 

46  Career  Watch.  Computer- 
world  Premier  100  IT  Leader 
Jesus  V.  Arriaga  offers  advice 
on  how  to  become  a  CIO;  the 
hiring  outlook  brightens;  and 
the  ITAA  reports  that  IT  still 
lags  in  hiring  women  and 
most  minorities. 


8  On  the  Mark:  Mark  Hall  re¬ 
ports  that  one  company  thinks 
it  can  lead  the  way  to  IT  self- 
service  for  end  users  by  treat¬ 
ing  applications  like  data. 

20  Don  Tennant  thinks  young 
coders  have  a  lot  to  learn 
from  Cobol  veterans. 

20  David  Moschella  has  a  re¬ 
minder  for  anyone  who’s 
worried  about  the  rising 
power  of  China  and  India: 
We’ve  heard  such  dire 
warnings  before. 

21  Michael  Gartenberg  cautions 
that  the  technology  you  give 
your  users  is  only  as  good  as 
the  training  they  get. 

36  Curt  A.  Monash  says  the  use 
of  new  data  sources  can  pro¬ 
vide  a  huge  boost  to  business 
profitability  and  success. 

48  Bart  Perkins  argues  that  hav¬ 
ing  a  single  pool  of  capital  en¬ 
sures  that  IT  program  funding 
is  based  on  business  benefits, 
not  technical  merits. 

54  Frankly  Speaking:  Frank 
Hayes  suggests  that  it’s  possi¬ 
ble  to  channel  users’  fear, 
anger  and  distrust  about 
security  problems  so  they’ll 
make  themselves  more 
secure. 
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How  Should  You  Break 
The  Bad  News? 

PRIVACY:  Notify  your  customers  the  right 
way,  and  they’re  more  likely  to  stick  with  you 
even  if  their  personal  information  has  been 
compromised,  columnist  Larry  Ponemon 
says.  ©  QuickLink  55301 

Career  Marketing  201 

CAREERS:  Korn/Ferry  International’s  Jack  H. 
Cage  says  that  identifying  key  accomplish¬ 
ments  and  being  able  to  clearly  convey  them 
will  improve  your  networking  experiences. 

O  QuickLink  55047 

The  Project’s  Red.  Tag!  You’re  It 

MANAGEMENT:  Michael  Patterson  and  Patri¬ 
cia  Pruden  suggest  ways  to  clarify  who  has 
responsibility  for  a  business  unit’s  project. 

©  QuickLink  55291 

Corporate  IT  and 
Homeland  Defense 

WEBCAST:  You  may  think  terrorism  is  the  do¬ 
main  of  government  agencies,  but  author  Dan 
Verton  warns  you  to  be  aware  of  your  role  in 
protecting  the  national  cyberinfrastructure. 
Available  as  a  free  webcast.  ©  QuickLink  a5810 

How  to  Evaluate  Intrusion- 
Prevention  Systems 

SECURITY:  Before  making  a  big  investment  in 
defense  technology,  Bob  Walder  of  The  NSS 
Group  suggests  asking  several  key  questions. 

©  QuickLink  54877 
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O  Throughout  each  issue  of 
Computerworld.  you'll 
see  five-digit  QuickLink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  QuickLink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick¬ 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site. 
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Fujitsu  to  Offer 
SUSE  Linux 


Fujitsu  Ltd.  will  begin  offering 
Novell  Inc.’s  SUSE  Linux  Enter¬ 
prise  Server  software  and  support 
services  for  Fujitsu  PrimeQuest 
and  Primergy  servers  in  Septem¬ 
ber.  Fujitsu  currently  offers  Win¬ 
dows  and  Red  Hat  Linux  software 
development  and  support  services 
for  the  Intel-based  servers. 


Microsoft  Prices 
Data  Protection  App 

At  its  Worldwide  Partner  Confer¬ 
ence  on  Friday,  Microsoft  Corp. 
said  that  System  Center  Data  Pro¬ 
tection  Manager,  its  forthcoming 
disk-based  backup  and  recovery 
server  software,  will  sell  for  about 
$950.  That  includes  a  DPM  serv¬ 
er  license  and  three  management 
licenses.  Microsoft  also  demon¬ 
strated  the  forms  functionality 
due  in  its  next  Office  release.  It 
lets  users  enter  and  edit  informa¬ 
tion  from  within  a  browser  with¬ 
out  using  its  InfoPath  client. 


Dell  Ships  Its  First 
Dual-Core  Server 

Dell  Inc.  this  week  will  ship  its 
first  server  with  dual-core  chip 
technology  from  Intel  Corp.  A 
single-socket  system  designed  for 
small-business  use,  the  Power- 
Edge  SC430  should  offer  perfor¬ 
mance  that’s  about  40%  better 
than  that  of  a  single-core  CPU, 
Dell  said.  Pricing  starts  at  $499. 
Systems  for  midsize  and  large 
companies  are  due  later  this  year. 


Short  Takes 

CISCO  SYSTEMS  INC.  Chief  Tech¬ 
nology  Officer  Charles  Giancarlo 
will  become  chief  development  of¬ 
ficer  on  July  31,  replacing  the  re¬ 
tiring  Mario  Mazzola _ A  U.S. 

Securities  and  Exchange  Commis¬ 
sion  inquiry  into  an  alleged  period¬ 
ic  reporting  violation  by  BUSINESS 
OBJECTS  SA  ended  with  no  rec¬ 
ommendations  for  enforcement 
action. . . .  BORLAND  SOFTWARE 
CORP.  reported  lower-than- 
expected  quarterly  revenue  and 
said  CEO  Dale  Fuller  stepped  down. 


CSX  Wireless  Project 
Delivers  Quick  ROI 


Use  of  BlackBerries 
grows  productivity, 
lowers  turnover 

BY  MATT  HAMBLEN 

ne  year  after 
spending  $400,000 
on  a  wireless  proj¬ 
ect  designed  to 
speed  up  communications 
with  450  independent  truck 
drivers  and  cut  costs,  CSX 
Corp.  reported  last  week  that 
it  may  have  hit  a  bonanza. 

Jacksonville,  Fla.-based  CSX 
said  the  wireless  notification 
application  from  Air2Web  Inc. 
in  Atlanta  has  cut  the  number 
of  phone  calls  truckers  make 
to  the  CSX  Intermodal  call 
center  from  20,000  a  week  to 
11,000,  said  John  Dugan,  tech¬ 
nical  director  for  intermodal 
applications  at  CSX  Technolo¬ 
gy  Inc. 

And  because  drivers  can 


now  send  short  text 
messages  and  e-mail 
via  Research  In  Mo¬ 
tion  Ltd.  BlackBerry 
devices,  they  each 
save  about  an  hour 
per  day  that  they 
once  spent  waiting 
for  a  dispatcher, 

Dugan  said.  That 
alone  improved 
driver  productivity 
by  400  hours  per  day 
—  a  major  reason  why  driver 
turnover  dropped  from  80%  to 
50%  in  the  past  year,  he  said. 

“Fifty  percent  turnover  is 
still  terrible  but  a  big  improve¬ 
ment,”  Dugan  said. 

Dugan  said  he  believes 
these  productivity  gains  have 
helped  CSX  cover  its  initial  in¬ 
vestment  “and  then  some”  in 
just  one  year.  “This  technolo¬ 
gy  has  exceeded  our  expecta¬ 
tions  in  terms  of  payback,  new 
revenue  and  productivity,”  he 


said.  “It’s  definitely 
helping  our  business 
. . .  since  drivers  are 
not  answering 
phone  calls  and  can 
do  more  jobs.” 

CSX’s  achieve¬ 
ment  is  noteworthy, 
given  that  a  15%  to 
20%  return  on  in¬ 
vestment  is  consid¬ 
ered  very  good  for 
such  projects,  said 
Jack  Gold,  an  analyst  at  J.  Gold 
Associates  in  Northboro, 

Mass.  Deployments  of  wire¬ 
less  systems  for  use  by  field 
personnel  can  be  highly  effec¬ 
tive  because  they  usually  re¬ 
place  paper  processes  or  a 
middleman,  such  as  a  call  cen¬ 
ter  operator. 

CSX  call  center  operators 
who  suddenly  saw  a  reduction 
in  the  volume  of  calls  they 
handled  have  been  moved  to 
other  jobs,  Dugan  said. 


Hybrid  Discovery 
Tools  Make  Debut 


Software  combines 
active  and  passive 
detection  methods 

BY  MATT  HAMBLEN 

Two  small  management  soft¬ 
ware  vendors  will  announce 
products  today  that  discover 
IT  system  components  using  a 
hybrid  of  active  and  passive 
detection  approaches  instead 
of  just  one. 

San  Jose-based  NLayers  Inc. 
is  releasing  NLayers  InSight 
4.0,  which  will  feature  a  new 
hybrid  active/passive  discov¬ 
ery  capability.  Separately, 
Atlanta-based  Insightix  Ltd. 
will  release  Dynamic  Infra¬ 
structure  Discovery,  a  new 
product  that  includes  its  In¬ 
sightix  Collector  for  active 


and  passive  network  discovery. 

NLayers  focuses  on  gather¬ 
ing  detailed  configuration  in¬ 
formation  about  servers  and 
the  applications  running  on 
them.  Insightix,  on  the  other 
hand,  is  focused  on  a  real-time 
inventory  of  network  software 
and  hardware,  said  Jean-Pierre 
Garbani,  an  analyst  at  For¬ 
rester  Research  Inc. 

Garbani  said  the  hybrid 
approach  seems  to  be  new  in 
the  market  and  “will  be  a  good 
selling  point.” 

Active  discovery  was  added 
to  passive  in  the  new  version 
of  InSight,  “so  IT  departments 
no  longer  have  to  make  a  deci¬ 
sion  between  active  or  pas¬ 
sive,”  said  NLayers  CEO  Gili 
Raanan. 

NLayers  sells  InSight  as  an 


appliance  with  a  starting  price 
of  $95,000.  Insightix  sells  soft¬ 
ware  that  starts  at  $4,000  for 
100  devices. 

Looking  for  Detail 

The  Museum  of  Modern  Art 
in  New  York  manages  100 
servers  with  a  prior  version  of 
InSight  but  wants  to  move  to 
Version  4.0.  CIO  Steven  Peltz- 
man  expects  to  use  the  hybrid 
discovery  tool  to  get  more- 
detailed  information  on  irreg¬ 
ularities  on  a  particular  server. 

Peltzman  chose  the  NLayers 
product  after  considering  the 
Insightix  offering.  “We  never 
got  the  ball  rolling  with  In¬ 
sightix,”  he  said. 

Brad  Martin,  senior  security 
analyst  at  Chick-fil-A  Inc.  in 
Atlanta,  is  beta-testing  the 
new  Insightix  tool  at  the  same 
time  the  restaurant  chain  is 
upgrading  the  core  of  its  net¬ 
work.  “We  want  better  visibili¬ 
ty  into  the  network  and  to  be 
able  to  span  multiple  virtual 
LANs,”  he  said. 


Intermodal  truck  drivers 
may  make  several  trips  a  day 
of  40  to  80  miles  each,  carry¬ 
ing  goods  from  a  rail  depot  to 
a  warehouse  or  store.  With  the 
wireless  application,  they  can 
be  notified  instantly  when 
leaving  a  location  with  no  load 
and  redirected  to  quickly  find 
another  load  nearby. 

Many  of  the  drivers  had 
cell  phones,  but  they  agreed 
to  buy  the  BlackBerry  hard¬ 
ware  and  pay  for  the  monthly 
data  service  out  of  their  own 
pockets,  Dugan  said.  The  dri¬ 
vers  pay  $49  per  month  for 
unlimited  data  service  and 
$49  to  $100  for  the  BlackBerry 
hardware. 

CSX  estimates  that  about 
500,000  loads  have  been  dis¬ 
patched  using  the  wireless 
system,  which  connects  to  an 
existing  dispatch  system 
called  Pegasus.  Early  next 
year,  CSX  plans  to  add  the 
ability  to  capture  signatures 
digitally  with  a  Bluetooth- 
enabled  pen  device  so  drivers 
can  be  paid  faster.  And  it  will 
add  a  Bluetooth-enabled 
bar  code  reader  for  scanning 
shipment  documents  easily. 

O  55424 


Chick-fil-A  has  3,000  net¬ 
work  nodes  nationwide,  with 
1,000  in  its  Atlanta  offices. 
Martin  said  he  hasn’t  made  a 
decision  whether  to  buy  In¬ 
sightix  because  he  wants  to 
upgrade  his  network  first  and 
then  see  the  Insightix  tool  “in 
all  its  glory.”  ©  55433 


Network  Discovery 
Approaches 

Active  network  discovery: 
Sends  packets  that  probe  for 
network  devices,  but  it  can  be 
hampered  by  firewalls  and  can 
degrade  network  performance. 

Passive  network  discovery: 
Monitors  network  traffic  at  a 
chokepoint  to  identify  devices, 
but  it  will  miss  idle  devices,  en¬ 
crypted  traffic  and  traffic  that 
doesn't  go  through  the  monitor¬ 
ing  point. 

Hybrid:  Uses  active  and  passive 
approaches  to  provide  a  more 
complete  picture  of  the  network. 
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Florida  County  in  Legal  Spat  Over 
Purchase  of  E-voting  Machines 


Vote  leaves  county  without  touch-screen 
systems;  handicap-rights  group  files  suit 


BY  MARC  L.  SONGINI 

The  refusal  to  purchase  spe¬ 
cialized  voting  machines  that 
comply  with  handicap-access 
laws  has  put  a  Florida  county 
in  the  cross  hairs  of  the  state’s 
attorney  general  and  handi¬ 
cap-rights  groups. 

On  June  29,  the  Volusia 
County  Council  voted  4-3 
against  authorizing  the  pur¬ 
chase  of  210  touch-screen  sys¬ 
tems  from  Diebold  Election 
Systems.  According  to  Florida 
state  law,  all  counties  were 
obliged  to  have  at  least  one 
state-certified  touch-screen 
machine  in  place  by  July  1. 

The  Diebold  systems  meet  the 
handicap-access  requirement 


because  they  also  house  de¬ 
vices  that  enable  blind  voters 
to  receive  verbal  prompts  to 
help  them  vote. 

The  council  declined  to 
purchase  the  machines  be¬ 
cause  they  don’t  generate  a 
paper  receipt.  The  majority  of 
the  council  is  joined  by  critics 
who  maintain  that  the  touch¬ 
screen  systems  can  be  rigged 
for  political  advantage  [Quick- 
Link  53796]. 

The  National  Federation  of 
the  Blind  and  others  filed  suit 
against  the  county  last  week  in 
Orlando  Federal  District  Court. 

“This  does  put  Volusia 
County  in  a  very  difficult  posi¬ 
tion,”  said  a  county  govern- 


THE  DIEBOLD  TOUCH-SCREEN 
SYSTEMS  can  be  rigged  for  polit¬ 
ical  advantage,  critics  such  as 
the  Volusia  County  Council  say. 


ment  spokesman.  The  four- 
person  majority  was  “not 
comfortable  with  the  Diebold 
system,  and  now  we’ve  been 
sued,  and  we’ll  defend  that  ac¬ 
tion,”  the  spokesman  said. 

He  said  the  council  would 


prefer  to  buy  a  hybrid  optical- 
scan  system  called  AutoMark, 
which  is  made  by  Vogue  Elec¬ 
tion  Systems  LLC  in  Glen  El¬ 
lyn,  Ill.  AutoMark  has  an  audio 
component  to  enable  the  blind 
to  vote,  but  the  system  hasn’t 
been  certified  by  Florida. 

None  of  the  four  council 
members  who  voted  down  the 
purchase  responded  to  a  re¬ 
quest  for  comment. 

Florida  Attorney  General 
Charlie  Crist  issued  a  letter 
dated  June  30  to  council  Chair¬ 
man  Frank  Bruno,  stating  that 
the  refusal  could  subject  the 
county  to  liability  for  a  civil 
rights  violation. 

A  Vote  for  Diebold 

Ann  McFall,  the  county  super¬ 
visor  of  elections,  is  urging  the 
purchase  of  the  Diebold  ma¬ 
chines.  She  said  she  directed 
her  attorney  to  ask  a  federal 
judge  in  Orlando  to  either 
force  the  county  to  buy  them 
or  allow  the  next  election, 
which  is  scheduled  for  Oct.  11, 


to  take  place  without  them. 

A  spokesman  for  McKinney, 
Texas-based  Diebold  said  the 
touch-screen  machines  have 
been  used  for  20  years  and  are 
completely  reliable.  In  addi¬ 
tion,  the  Diebold  AccuVote-TS 
and  TSX  machines  provide  an 
internal  paper  receipt  and  can 
generate  a  hard  copy  of  every 
vote  cast  via  printer,  he  said. 

Volusia  County  isn’t  alone 
in  refusing  to  comply  with  the 
July  1  deadline.  By  emphasiz¬ 
ing  just  touch-screen  technol¬ 
ogy,  the  state  has  taken  a 
“heavy-handed  approach”  to 
enforcing  handicap  voting  ac¬ 
cessibility,  said  Ion  Sancho,  su¬ 
pervisor  of  elections  in  Leon 
County,  which  uses  optical 
scan  devices.  He  wants  the  pa¬ 
per  trail  and  is  holding  out  for 
certification  of  the  AutoMark 
systems.  “Voters  demand  that 
we  can  account  for  every  vote 
100%  accurately,”  Sancho  said. 
“And  my  goal  is  to  make  sure 
the  votes  are  counted  as  in¬ 
tended.”  O  55423 


GTSI  Blames  Rough 
PeopleSoft  Rollout  for 
Financial  Shortfall 


Customer  relations 
hurt  by  flawed  ERP 
implementation 

BY  MARC  L.  SONGINI 

A  challenging  $10  million  roll¬ 
out  of  PeopleSoft  ERP  soft¬ 
ware  at  a  government  IT  prod¬ 
ucts  and  services  provider 
hurt  the  company’s  bottom 
line,  disrupted  customer  rela¬ 
tions  and  will  delay  it  from 
achieving  its  long-term  finan¬ 
cial  goals. 

Chantilly,  Va.-based  GTSI 
Corp.  last  week  announced 
that  its  second-quarter  finan¬ 
cial  results  would  be  “nega¬ 
tively  impacted”  by  lower 
bookings  and  shipments  that 
were  the  result  of  “internal 
distractions  and  other  difficul¬ 
ties”  caused  by  the  software 
implementation.  The  People- 
Soft  software  is  now  part  of 


Oracle  Corp.’s  portfolio. 

Moreover,  GTSI  said  in  a 
statement  that  its  plan  to  dou¬ 
ble  its  revenue  to  $2  billion  by 
2007  is  now  in  jeopardy. 

“The  second  quarter  has 
been  a  tough  one  for  our  cus¬ 
tomers,  vendor  partners  and 
employees,”  said  Dendy 
Young,  chairman  and  CEO  of 
GTSI.  “We  have  been  experi¬ 
encing  difficulties  in  deliver¬ 
ing  products  to  many  cus¬ 
tomers  in  a  timely  manner  due 
to  software  problems  with  our 
ERP  implementation.  This  has 
caused  disruption  to  some 
customer  relationships.” 

Reports  Delayed 

The  problems  have  been  so 
severe  that  on  May  31,  the 
company  announced  that  it 
couldn’t  provide  monthly  rev¬ 
enue,  backlog  and  booking 
reports  because  it  couldn’t 


validate  the  data  generated  by 
the  ERP  system. 

GTSI  bought  the  PeopleSoft 
ERP  software  in  July  2004.  Be¬ 
fore  it  was  rolled  out,  the  com¬ 
pany  used  an  “unsupported 
legacy  platform”  so  heavily 
customized  that  only  its  inter¬ 
nal  staff  could  maintain  it,  said 
a  GTSI  spokesman.  The  legacy 
software  also  couldn’t  scale 
sufficiently. 

The  company  expected  the 
new  software  to  help  increase 
productivity  by  allowing 
more-proactive  supply  chain 
management,  enabling  cus¬ 
tomer  and  vendor  profitability 
assessments  and  improving 
order  management  operations. 

However,  because  the  soft¬ 
ware  was  geared  more  toward 
manufacturing,  GTSI  had  to 
reconfigure  it  to  support  re¬ 
seller  operations.  “That’s  part 
of  what  you  find  in  these  situ¬ 
ations,”  said  the  spokesman. 
“You  go  through  alterations 
of  the  product,  and  you  en¬ 
counter  difficulties.” 

Without  elaborating,  he  said 
those  difficulties  included 
both  software  bugs  and  proce¬ 
dural  errors.  PeopleSoft  also 
connects  to  a  number  of  third- 


party  systems  that  support 
GTSI’s  distribution  center. 

“We’ve  worked  through  an 
awful  lot  of  issues  in  the  last 
several  months,”  in  part  by  us¬ 
ing  Oracle/PeopleSoft  sup¬ 
port,  he  said.  Although  the 
company  has  been  able  to  han¬ 
dle  orders  through  the  rollout 
and  continues  processing 
shipments,  it  is  doing  so  at  a 
reduced  rate. 

The  spokesman  offered  no 


HWe  have  been 
experiencing 
difficulties  in  deliv¬ 
ering  products  to 
many  customers  in 
a  timely  manner  due 
to  software  prob¬ 
lems  with  our  ERP 
implementation. 
This  has  caused  dis¬ 
ruption  to  some  cus¬ 
tomer  relationships. 

DENDY  YOUNG, 

CHAIRMAN  AND  CEO.  GTSI  CORP. 


estimate  of  how  much  money 
GTSI  has  spent  to  address 
problems  related  to  the  ERP 
software  implementation. 

However,  in  the  10-Qform  it 
filed  with  the  U.S.  Securities 
and  Exchange  Commission  on 
May  9,  GTSI  did  say  the  imple¬ 
mentation  “has  consumed  re¬ 
sources,  diverted  manage¬ 
ment’s  attention  and  increased 
our  training  costs.” 

The  company  said  that  it  be¬ 
lieves  it  has  solved  most  of  its 
operational  problems.  And  the 
spokesman  reported  that  GTSI 
still  expects  to  double  its  rev¬ 
enue,  although  “it’s  taking  a 
little  longer  than  anticipated.” 

GTSI  plans  to  close  its 
books  for  the  second  quarter 
by  Aug.  9. 

“It’s  clear  this  was  an  imple¬ 
mentation  that  ran  amok,”  said 
Joshua  Greenbaum,  an  analyst 
at  Enterprise  Applications 
Consulting  in  Berkeley,  Calif. 
“It  indicates  a  lack  of  proper 
planning  and  lack  of  good 
management,  and  this  is  all 
the  more  shocking  because 
this  is  a  technology  service 
company.” 

Oracle  declined  a  request 
for  comment.  ©  55435 
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Broadcom  Files  Suit 
Against  Qualcomm 

Broadcom  Corp.  has  filed  an  anti¬ 
trust  suit  against  chip  maker  Qual¬ 
comm  Inc.  In  a  complaint  filed  in 
the  U.S.  District  Court  in  New  Jer¬ 
sey,  Broadcom  accused  Qual¬ 
comm  of  abusing  the  process  for 
setting  wireless  standards,  failing 
to  license  technologies  for  cellular 
wireless  standards  on  fair  and 
reasonable  terms,  and  conducting 
other  anticompetitive  practices. 


Chinese  Gov’t  Joins 
Antispam  Effort 

The  Chinese  government  has 
joined  the  London  Action  Plan  on 
Spam  Enforcement  Collaboration, 
an  international  antispam  effort 
started  by  the  U.S.  and  U.K.  gov¬ 
ernments.  The  effort  was  launched 
last  October  to  improve  investiga¬ 
tive  expertise  and  coordination 
among  worldwide  groups.  The 
Union  Network  Beijing  will  repre¬ 
sent  China  in  the  organization. 


Mercury  Lowers  Q2 
Revenue  Estimate 

Blaming  a  sales  shortfall  in  Eu¬ 
rope,  Mercury  Interactive  Corp. 
has  scaled  back  revenue  esti¬ 
mates  for  its  second  quarter.  The 
company  also  said  a  corporate  re¬ 
structuring  will  result  in  undis¬ 
closed  third-quarter  charges.  Mer¬ 
cury  said  it  now  expects  second- 
quarter  revenue  of  $200  million  to 
$205  million,  compared  with  its 
April  guidance  of  $205  million  to 
$215  million. 


Symantec-Veritas 
Merger  Closes 

Symantec  Corp.  named  six  former 
Symantec  directors  and  four  for¬ 
mer  Veritas  Software  Corp.  direc¬ 
tors  to  its  10-member  board  fol¬ 
lowing  the  completion  of  its  merg¬ 
er  with  Veritas.  As  previously  an¬ 
nounced,  John  Thompson  will  re¬ 
main  as  chairman  and  CEO  of  the 
enlarged  Symantec,  while  former 
Veritas  CEO  Gary  Bloom  becomes 
vice  chairman  and  co-president. 
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Gets  a  Boost . . . 


. . .  this  fall  when  Softricity  Inc.  releases  its  ZeroTouch 

module  as  part  of  its  SoftGrid  software.  David 
Greschler,  vice  president  of  corporate  marketing  at 
the  Boston-based  vendor,  explains  that  ZeroTouch 
builds  on  SoftGrid’s  critical  capability  to  “treat 


applications  like 
data.”  SoftGrid’s 
Sequencer  module 
“packages”  applica¬ 
tions  to  run  on  Soft- 
Grid  servers,  which 
replace  traditional 
app  servers  and  work 
with  agent  code  on 
end-user  machines  to 
create  virtual  applica¬ 
tions.  When  users  click  on  a 
program  that’s  on  a  SoftGrid 
server,  the  application  loads 
instantly  on  the  PC.  SoftGrid 
knows  whether  the  machine 
is  a  laptop  or  a  PC  and  can  set 
a  time  limit  for  how  long  an 
app  can  reside  on  a  mobile 
device  before  being  disabled. 
With  the  arrival  of  Zero- 
Touch,  end  users  won’t  need 
to  hassle  IT  with  requests  for 
application  access;  the  mod¬ 
ule  provides  end  users  with  a 
menu  of  available  apps.  Be¬ 
cause  of  SoftGrid’s  packaging 
and  virtualization  process,  IT 
doesn’t  need  to  provision  the 
end  user’s  machine,  nor  does 
it  have  to  worry  about  reg¬ 
istry  problems  or  broken 
DLLs  resulting  from  applica¬ 


tion  conflicts.  Plus, 
ZeroTouch  gives  IT 
the  option  to  appoint 
workgroup  managers 
within  business  units 
to  approve  applica¬ 
tion  access  for  end 
users,  taking  IT  out  of 
an  occasionally  politi¬ 
cal  process.  SoftGrid 
starts  at  $200  per  user. 

Autonomous 
computing  a  distant . . . 

. . .  possibility,  maybe  eight  to  10 
years  in  the  future.  So  says  Hiep 
Vuaong,  chief  technology  of¬ 
ficer  at  Net  Integration  Tech¬ 
nologies  Inc.  in  Markham, 
Ontario.  His  vision  of  true 
autonomous  computing 
means,  for  example,  that 
when  IT  adds  a  server  to  a 
network,  the  machine  auto¬ 
matically  detects  where  its 
resources  will  be  best  used, 
provisions  itself,  maintains 
continuous  awareness  of  its 
condition  and  network,  and 
adjusts  itself  accordingly. 
Vuaong  says  Nitix,  as  his 
company  is  called,  is  propos¬ 
ing  its  UniConf  open-source 


tool  (www. 
open.nit.ca/ 
wiki )  as  a 
step  toward 
true  auto¬ 
nomous 
computing. 

UniConf 
does  for  net¬ 
work  re¬ 
sources 
what  LDAP 
did  for  end  users  on  the  net¬ 
work,  Vuaong  claims.  He  says 
IT  can  use  UniConf  to  man¬ 
age  resources  to  minimize 
software  conflicts  when  pro¬ 
visioning  new  systems,  be¬ 
cause  the  tool  knows  what 
works  well  with  what.  And 
what  doesn’t.  Vuaong  admits 
that  the  idea  of  a  small  Cana¬ 
dian  company  competing 
with  the  likes  of  IBM  in  the 
realm  of  autonomous  com¬ 
puting  might  seem  a  tad 
quixotic.  But  he  hopes  Nitix’s 
open-source  approach  gives  it 
a  distinct  advantage  over  pro¬ 
prietary  approaches. 

Free  ERP  software 
being  given  to  800 . . . 

. . .  companies  that  qualify.  That’s 
the  offer  from  Larry  Pettit, 
CEO  of  Carillon  Financials 
Corp.  in  Richardson,  Texas. 
He  says  his  product  competes 
toe-to-toe  and  feature-for- 
feature  with  ERP  products 
from  J.D.  Edwards,  Lawson, 
Oracle  and  others.  J.D.  Ed¬ 
wards  users,  he  notes,  have 
shown  particular  interest  in 
the  wake  of  the  PeopleSoft/ 
Oracle  merger  whirl.  Pettit 
says  that  although  his  compa¬ 
ny  has  been  in  business  since 
1990,  “we  lack  name  recogni¬ 
tion.”  He  claims  that  the  pro¬ 
motion,  which  will  give  300 
enterprise  and  500  work¬ 
group  licenses  to  the  lucky 
companies,  is 
not  a  gim¬ 
mick  and 
that  the  only 
requirement 
is  that  the 
new  users 
must  buy  a 


Estimated 
worth  of  free 
ERP  software 
from  Carillon. 


standard  one-year  mainte¬ 
nance  agreement.  “We’re  just 
trying  to  get  market  share 
and  visibility,”  he  says.  The 
promotion  ends  on  Sept.  30, 
and  “it’s  not  too  late  to  get  in 
the  running,”  he  says. 

Traditional  business 
intelligence . . . 

. . .  technologies  are  “dead,  done, 
finished  in  the  next  10  years,” 

predicts  Anthony  Deighton, 
vice  president  of  marketing  at 
QlikTech  Inc.  in  Raleigh,  N.C. 
Forget  about  grinding  away 
for  weeks  building  complex 
cubes  or  months  creating 
sprawling  data  warehouses. 
Deighton  claims  that  with  the 
arrival  of  64-bit  systems  and 
cheap  RAM  for  PCs  and 
servers,  all  you  need  is  BI 
technology  that  can  read 
every  scrap  of  data  into  mem¬ 
ory  and  tools  that  can  query 
the  data  in  any  manner  you 
wish.  Naturally,  Deighton 
claims  that  his  QlikView  tool 
does  just  that  right  now.  He 
says  the  trick  is  the  compres¬ 
sion  algorithms  developed  by 
Swedish  parent  company  Qlik¬ 
Tech  Interna¬ 
tional  AB. 

QlikView,  he 
says,  achieves 
a  10-1  com¬ 
pression 
ratio,  which 
means  a  64- 
bit  chip  run¬ 
ning  Win¬ 
dows  XP  Pro¬ 
fessional  x64 
edition  using  128GB  of  mem¬ 
ory  can  load  more  than  1TB 
of  data  that  QlikView  can 
query.  And  the  physical  limit 
of  RAM  within  64-bit  systems 
is  theoretically  more  than  16 
exabytes,  larger  than  any 
known  data  warehouse.  Given 
these  new  system  capabilities 
and  products  like  QlikView, 
Deighton  speculates  that  the  - 
“doomed”  entrenched  BI  ven¬ 
dors  are  part  of  a  natural 
technology  cycle.  “The  in¬ 
cumbent  never  wins,”  he  con¬ 
cludes.  O  55403 


DEIGHTON 

posits  that  old- 
line  BI  vendors 
are  dying. 


Choose 
and  receive 

any  of  these  3  valuable 
APC  white  papers  within 
the  next  90  days  for  FREE! 


Key  Code 

http://promo.apc.  com _ c  9l8x 

(888)  289-APCC  x3437*  FAX:  (401 )  788-2792 


Legendary  Reliability® 


Choose  and  receive  any  of  these  3  APC 
white  papers  within  the  next  90  days  for  FREE! 


□ 

□ 

□ 


White  Paper  #40 
White  Paper  #42 
White  Paper  #117 


"Cooling  Audit  for  Identifying  Potential  Cooling  Problems  in  Data  Centers" 

'Ten  Steps  to  Solving  Cooling  Problems  Caused  by  High  Density  Server  Deployment" 
"Network-Critical  Physical  Infrastructure:  Optimizing  Business  Value" 


□  YES! 


Please  send  me  my  FREE  white  papers. 


□  NO. 


I'm  not  interested  at  this  time,  but  please  add  me  to  your  mailing  list 


Key  Code 

c  9 1  8x 


What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6kVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:  80+ kVA  (3-phase  AC)  □  DC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management 

□  Cables/Wires  □  Mobile  Protection  □  Surge  Protection  □  UPS  Upgrade  □  Don't  know 
Purchase  timeframe?  □  <  1  Month  □  1-3  Months  □  3-12  Months  □  1  Yr.  Plus  □  Don't  know 

You  are  (check  1):  □  Home/Home  Office  □  Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't,  Education,  Public  Org.  □  APC  Sellers  &  Partners 


©2005  APC.  All  trademarks  are  the  property  of  their  owners.  ISX4A4EB-USe  •  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA 


KEY  CODE:  c918x 
Department:  B 
132  FAIRGROUNDS  ROAD 
PO  BOX  278 

WEST  KINGSTON  Rl  02892-9920 


How  to  Contact  APC 

Call:  (888)  289-APCC 

use  the  extension  on  the  reverse  side 

Fax:(401)  788-2792 

Visit  http://promo.apcc.com 

use  the  key  code  on  the  reverse  side 


Legendary  Reliability* 


ISXT280HD8R  8  uptolOkW  $399,999‘  $1 2,999“ 

High  density  upgrades  start  at  S1 0,999 
On-site  power  generation  options  start  at  *29,999 


Now  you  can  quickly  deploy  a 
standard-  or  high-density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 

Usable 

IT  Racks 

Average 
kW  per  Rack 

Price 
to  buy 

Price  to  lease 
(36  installments) 

ISXCR1SY16K16P5 

1 

up  to  5kW 

$1 4,999* 

$499“ 

ISXT240MD6R 

6 

up  to  5kW 

$1 49,999* 

$4,999“ 

ISXT240MD11R 

11 

up  to  5kW 

$249,999* 

$7,999“ 

ISXT280MD40R 

40 

up  to  5kW 

$699,999* 

$21,999“ 

ISXT2800MD100R 

100 

up  to  5kW 

$1 ,649,999* 

$50,999“ 

High  Density  Configuration  (shown  above) 
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on  demand? 


Infrastructure 

DATA  CENTERS  ON  DEMAND 

Highly  available  and  manageable, 
quick-to-install,  scalable  architecture 
that  easily  supports  both  standard- 
and  high-density  applications. 

-  Up  to  20kW  a  rack  for  any 
blade  server  application 

-  Unlimited  racks 

-  Ships  in  5  days*** 

-  Installs  in  I  day*** 

-  Optional  on-site  power 
generation 

-  Raised  floor  not  required 


BLADE 

READY' 


APC  solutions  that  carry 
the  “ Blade-Ready "  Logo 
are  designed  to  handle  the 
demanding  network-critical 
physical  infrastructure 
requirements  of  high-density 
blade  server  applications. 


Chamber  Doors 

Access  to  hot  aisle, 
locks  for  security 


All  multi-rack  configurations  feature: 

V  N+i  power  and  cooling 

/  Secure,  self-contained  environment 

V  Peak  capacity  of  20kW  per  rack 

V  Enhanced  service  package 
Integrated  management  software 


Order  your  solution  today.  Call  888-289-APCC  3437. 


Visit  today  and  receive  FREE  APC  White  Papers 

Visit  us  online  and  download  APC  White  Papers. 


APC 

rrrr 

i  Don't  see  the  configuration  you  need? 


Try  APC's  online  InfraStruXure"  BuildOut  Tool  today  and  build  your  own  solution. 

Go  to  http^/promo.apc£om  and  enter  key  code  c918x  Call  888-289-APCC  x3437 


-  Vendor  neutral  guaranteed 
compatibility 


InfraStruXure'  can  be  purchased  as  a 
modular,  or  mobile  system 


Legendary  Reliability® 


InfraStruXure"  BuildOut  Tool 


*  Prices  do  not  include  IT  equipment  and  are  subject  to  change,  **  Indicative  rates  are  subject  to  market  conditions  Install  and  delivery  times  may  vary 
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GE,  Health  Care  Firm  Partner 
To  Develop  Medical  IT  Systems 


Medication  administration  system  is 
first  project  in  10-year,  $100M  deal 


BY  HEATHER  HAVENSTEIN 

E  HEALTHCARE 
and  Intermountain 
Health  Care  Inc.  last 
week  unveiled  plans 
to  develop  an  electronic  sys¬ 
tem  for  administering  patients’ 
medications.  The  project  will 
be  the  first  one  the  companies 
undertake  as  part  of  a  10-year, 
$100  million  deal  that  calls  for 
them  to  work  together  to  de¬ 
velop  an  integrated  clinical  in¬ 
formation  system. 

The  electronic  medical  ad¬ 
ministration  record  (EMAR) 
system  will  be  developed  at  a 
new  joint  clinical  research 
center  in  West  Valley,  Utah, 
and  deployed  at  IHC’s  21  hos¬ 
pitals  and  100  clinics  and 
physician  practices  in  Utah 
and  Idaho. 

First  announced  in  Febru¬ 
ary,  the  agreement  between 
the  two  companies  also  calls 
for  them  to  work  together  on 
electronic  prescription  tech¬ 
nology  and  electronic  medical 
record  systems  that  eventually 
will  be  marketed  commercial¬ 
ly  by  GE. 

What  the  Doctor  Ordered 

The  EMAR  system  will  couple 
handheld  devices  and  bar¬ 
coding  technology  with  de¬ 
tailed  patient  histories  to  help 
avoid  medication  errors  at  the 
bedside.  It  will  use  back-end 
data  on  drug  allergies  and 
other  patient  information 
from  a  new  pharmacy  system 
that  GE  has  deployed  at  one 
IHC  hospital  and  will  install  at 
its  other  hospitals  throughout 
2006,  said  Giri  Iyer,  general 
manager  for  strategic  develop¬ 
ment  at  GE  Healthcare  in 
Chalfont  St.  Giles,  England. 

Marc  Probst,  CIO  at  Salt 
Lake  City-based  IHC,  said  the 
EMAR  system  will  increase 
the  probability  that  nurses  will 
give  the  right  medication  to 


the  right  patient  at  the  pre¬ 
scribed  time.  Because  GE 
technicians  will  be  working 
alongside  IHC  nurses  and 
doctors  in  the  new  research 
center,  the  health  care  net¬ 
work  can  ensure  that  the  re¬ 
sulting  integrated  clinical  sys¬ 
tem  will  correspond  with  its 
health  care  workflows,  he  said. 

By  using  an  integrated  sys¬ 
tem,  IHC  will  be  able  to  im¬ 
prove  care  by  expanding  the 
information  it  collects  about 
patients,  Probst  added. 

“It  would  have  been  less 


BY  MATT  HAMBLEN 

Good  Technology  Inc.  today 
will  announce  wireless  mes¬ 
saging  support  for  Microsoft 
Corp.  smart  phones  as  well 
as  an  acquisition  designed  to 
enable  wireless  Lotus  Notes 
e-mail  access. 

The  moves  are  aimed  at  bet¬ 
ter  positioning  Good,  whose 
existing  customer  base  of 
6,500  large  companies  can  al¬ 
ready  access  e-mail  through 
Microsoft  Outlook  and  a  vari¬ 
ety  of  wireless  handheld  de¬ 
vices  —  including  those  of 
rival  Research  In  Motion  Ltd. 

Santa  Clara,  Calif. -based 
Good  will  announce  the  acqui¬ 
sition  today  of  key  technolo¬ 
gies  and  personnel  from  Dal¬ 
las-based  JP  Mobile  Inc.  It  will 
use  those  resources  to  enable 
its  GoodLink  wireless  e-mail 
service  to  support  the  Lotus 
Domino  server,  a  company 
spokeswoman  said. 

Financial  details  of  the  ac¬ 
quisition  were  not  announced 
in  advance. 

Eventually,  Good  hopes  to 


costly  to  go  buy  an  off-the- 
shelf  package,”  he  said.  “But 
the  ability  to  have  discrete 
data  and  use  that  in  a  deci¬ 
sion-support  system  will  be 
key  to  our  success.” 

GE  plans  to  have  an  EMAR 
system  in  production  in  at 
least  one  of  IHC’s  hospitals  by 
the  end  of  2006.  The  first  ver¬ 
sion  of  the  clinical  informa¬ 
tion  system  is  expected  to  be 
available  sometime  in  2007, 
Iyer  said. 

However,  David  Garets, 
president  and  CEO  of  Chicago- 
based  research  Firm  HIMSS 
Analytics  LLC,  said  GE  likely 
will  face  challenges  marketing 
the  medication  administration 


offer  wireless  support  of  Nov¬ 
ell  Inc.’s  GroupWise  e-mail 
system,  giving  its  users  access 
to  three  major  e-mail  services, 
the  spokeswoman  said. 

Good  will  also  announce 
GoodLink  4.5  for  Microsoft’s 
Windows  Mobile  smart 
phones,  adding  to  support  it 
already  provides  for  devices 
that  run  on  the  Palm 
OS  and  Windows 
Mobile  Pocket  PC 
operating  systems, 
company  officials 
said. 

Adding  support  for 
Notes  gives  Good  ac¬ 
cess  to  perhaps  40% 
of  the  e-mail  market, 
said  Kevin  Burden, 
an  analyst  at  IDC. 

And  it’s  a  necessary 
move,  since  Micro¬ 
soft  has  taken  steps 
to  support  Outlook 
wirelessly  in  its 
forthcoming  release 
of  Service  Pack  2 
for  Exchange  Server 
2003,  he  added. 


tools  developed  under  the 
deal.  The  pharmacy  system 
must  be  interoperable  with 
hospital  clinical  data  reposito¬ 
ries  and  nursing  documenta¬ 
tion  systems,  he  said.  The 
problem  is  that  many  hospitals 
have  already  chosen  to  use 
electronic  medical  record 
tools  from  a  variety  of  ven¬ 
dors,  he  added. 

“No  one  has  been  able  to  fig¬ 
ure  out  how  to  interface  them 
from  different  vendors,”  Garets 
said.  “Unless  GE  can  displace 
those  systems,  they  are  not  go¬ 
ing  to  be  able  to  sell  pieces 
and  parts  into  someone  else’s 
implementation  and  have  it 
work  very  well.”  ©  55425 


Microsoft  will  still  require  a 
connection  to  the  Windows 
Mobile  operating  system, 
however,  whereas  Good  is 
compatible  with  a  variety  of 
operating  systems,  he  said. 

Integrating  Smart  Phones 

Laurence  Barron,  director  of 
IT  infrastructure  and  opera¬ 
tions  support  at  Priority 

Healthcare  Corp.  in 
Lake  Mary,  Fla.,  said 
he  plans  to  add  smart 
phones  with  Good- 
Link  e-mail  access 
for  sales  personnel 
and  executives.  Cur¬ 
rently,  50  people  at 
Priority  Healthcare 
use  a  variety  of  hand¬ 
helds.  Smart  phones 
are  usually  defined 
as  text-  and  voice- 
enabled  devices  that 
have  12  number  keys 
instead  of  26  or  more 
alphabetical  keys. 

Priority  Healthcare 
has  been  testing  sev¬ 
eral  smart  phones  for 


Good  Technology  Plans  Wireless 
Support  for  Smart  Phones,  Notes 


AN  AUDI0V0X 
SMT5600 

smart  phone  with 
GoodLink  software. 


www.computerworld.com 
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AT  A  GLANCE 


The  GE-IHC  Deal 

■  In  addition  to  developing  the 
medication  administration  sys¬ 
tem,  the  10-year,  $100  million 
deal  calls  for  6E  and  IHC  to 
develop  a  nursing  documenta¬ 
tion  technology,  computerized 
physician  order-entry  tools  and 
integrated  electronic  medical 
record  systems  for  inpatient  and 
outpatient  settings. 

■  IHC  is  working  on  plans  to 
exchange  clinical  information 
with  500  physicians  employed 
by  the  health  care  network  and 

2,000  who  have  privileges  at 
its  21  hospitals. 

. 

■  The  two  are  considering  devel¬ 
oping  digitized  radiology  and 
cardiovascular  information 
systems. 

■  IHC  expects  to  extend  its 
clinical  information  system 

to  automating  the  operation  of 
devices  like  pumps  and  monitors. 


the  past  month,  according  to 
Barron,  who  said  he  likes  the 
GoodLink  system  because  it 
allows  him  to  connect  new 
smart  phones  and  existing 
handhelds  to  one  GoodLink 
server.  The  company  could 
add  as  many  as  50  new  smart 
phones,  and  Good’s  system  al¬ 
lows  provisioning  for  new 
users  wirelessly,  which  can  cut 
support  costs,  he  said. 

Barron  said  he  has  found 
Good’s  service  to  be  less  ex¬ 
pensive  than  RIM’s,  adding 
that  it  could  potentially  save 
his  company  “tens  of  thou¬ 
sands”  of  dollars  a  year. 

Burden  said  Good  and  Wa¬ 
terloo,  Ontario-based  RIM  face 
a  number  of  competitors,  in¬ 
cluding  Visto  Inc.  and  Seven 
Networks  Inc.  That  list  will 
eventually  include  Microsoft, 
he  noted. 

GoodLink  4.5  for  Windows 
Mobile  smart  phones  will  be 
available  next  month  on  Mo¬ 
torola  MPx220  and  Audiovox 
SMT5600  devices,  with  wire¬ 
less  service  provided  by  Cin- 
gular  Wireless  LLC  in  the  U.S.  - 

Good  also  will  announce 
today  that  Sprint  Corp.  will 
market  and  sell  the  GoodLink 
service  to  business  customers. 
©  55436 


MEANS  MORE  POWER 

MORE  AFFORDABLY 


ProCurve  Networking  by  HP  offers  a  range  of  affordable 
gigabit-enabled  switches  that  is  second  to  none.  That  means 
you  can  get  better  performance  from  your  network  along  with 
better  performance  from  your  networking  dollars.  Downloads 
that  used  to  take  minutes  can  now  be  done  in  seconds.  And  you 
can  do  it  for  cents.  Not  dollars.  That’s  high-availability  gigabit 
performance  at  the  edge — not  just  the  core  of  your  network. 
What’s  more,  ProCurve  gigabit-enabled  switches  are 
backed  by  a  lifetime  warranty* — perhaps  the  best  in  the 
industry.  More  affordability.  More  choice.  More  productivity. 


Find  out  how  to  get  the  power  of  gigabit  for  less. 

Visit  www.hp.com/networklng/gigablt  for  our  latest  gigabit  promotions 


HP  ProCurve  SWITCHES: 
2800,  3400, 4100  AND 
5300  SERIES 

K>  Open  standards  enabling 
interoperability  and  ease 
of  integration 


- '  •  Flexibility  of  stackable 


or  chassis  configuration 

•  Lifetime  warranty* 

•  Low  cost  of  ownership 

•  legendary  service  and  support 


ProCurve  Networking 


HP  Innovation 


CLICK 


www.hp.com/networking/gigabit 


CONTACT  your  local  HP  reseller 


♦Lifetime  warranty  applies  to  all  ProCurve  Products,  excluding  the  ProCurve  routing  switch  9300m  Series  and  Secure  Access  700wl  Series,  which  have  a  one-year  warranty  with  extensions  available. 
©2004  Hewlett-Packard  Development  Company,  L.P 
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SeaCode  Redefines  Nearshore 
With  Floating  IT  Workforce 


Founders  promise  ‘the  price  of  India 
with  the  proximity  of  the  United  States’ 


BY  PATRICK  THIBODEAU 

What  San  Diego-based  start-up 
SeaCode  Inc.  plans  to  do  is 
nothing  if  not  novel:  anchor  a 
cruise  ship  three  miles  off  the 
coast  of  Los  Angeles,  fill  it  with 
up  to  600  programmers  from 
around  the  world,  eliminate 
visa  restrictions  and  make  it 
easy  for  customers  to  visit  the 
site  via  water  taxi.  The  two  men 
behind  the  venture  —  Roger 
Green,  who  describes  himself  as 
an  IT  and  outsourcing  veteran, 
and  IT  consultant  David  Cook, 
whose  job  history  includes  a 
stint  as  a  ship  captain  —  re¬ 
cently  discussed  their  plan  in  an 
interview  with  Computerworld. 


one  country  versus  another. 

Do  you  have  a  ship  yet?  COOK: 

No,  but  we  have  one  in  mind. 
We  hope  to  have  it  set  up  and 
ready  to  run  by  the  beginning 
of  [next]  year.  She  is  a  used 
cruise  ship. 

Why  anchor  three  miles  off  the 
coast?  COOK:  It’s  just  more  ex¬ 
pensive  for  us  to  sit  alongside 
a  dock,  because  you  have  to 
pay  for  the  berth  space. 

Does  U.S.  labor  law  apply?  COOK: 

U.S.  labor  law  does  not  apply 


except  on  a  U.S.  flagship.  The 
flag  of  the  ship  will  provide 
the  labor  law  —  more  than 
likely  [the  ship  will  be  regis¬ 
tered  in]  Vanuatu,  the  Ba¬ 
hamas  or  Marshall  Islands. 
Their  intellectual  property 
laws,  as  well  as  the  laws  gov¬ 
erning  seamen,  are  very  simi¬ 
lar  to  the  United  States’. 


What  will  life  be  like  for  your  em¬ 
ployees?  COOK:  The  pay  is 
about  three  times  what  they 
earn  in  India  today.  Each  one 
will  have  their  own  room. 
They  will  get  meals  provided 
for  them,  cleaning  provided 
for  them,  shore  leave,  laundry 
and  the  facilities  of  a  cruise 
ship.  This  ship  is  a  working 
cruise  ship  that  we’re  going  to 
buy.  There  will  also  be  a  doc¬ 
tor  on  the  ship.  The  normal 
working  shift  will  be  10  hours. 

What  is  the  salary?  COOK:  Ap¬ 
proximately  $1,800  a  month. 

What  is  your  pricing  going  to  be 
relative  to  India?  GREEN:  We 

will  be  approximately  the 


same  price  as  the  distant- 
shore  companies.  We  will  take 
a  little  less  margin  than  they 
do. 

Do  you  expect  U.S.  residents  to 
apply?  COOK:  Absolutely.  Ap¬ 
proximately  50%  of  the  re¬ 
sumes  that  we’ve  received  are 
from  U.S.  residents. 

Are  you  expecting  any  legislative 
efforts  to  block  what  you’re  do¬ 
ing?  GREEN:  We’re  not  going 
into  business  for  political  rea¬ 
sons.  What  we’re  trying  to  do 
is  accomplish  several  things: 
provide  new  jobs  for  Ameri¬ 
cans;  [provide]  a  better  deal 
for  American  companies  that 
need  to  be  successful  in  engi¬ 
neering  new  products  to  be 
competitive  in  a  global  mar¬ 
ket;  and  third,  we  want  to  keep 
the  dollars  spent  on  this  in  the 
United  States.  This  is  a  step  in 
the  right  direction  and  is  not, 
in  fact,  part  of  the  flow  over¬ 
seas.  ©  55426 


Microsoft’s  Server  Promo  Targets  Midsize  Companies 


What  is  the  business  model? 
GREEN:  The  promise  of  the 
benefits  of  outsourcing  in  dis¬ 
tant  lands  doesn’t  come  free. 
Most  of  the  gotchas  are  relat¬ 
ed  to  the  geography  and  to  the 
cultural  difference. 

What  are  some  of  those  gotchas? 
GREEN:  Communicating  re¬ 
quirements,  doing  knowledge 
transfer  [and]  managing  the 
project  are  very  difficult  to  do 
even  when  you  are  in  the  same 
building,  [let  alone]  when  it’s 
across  the  world. 

That’s  the  same  argument 
made  by  nearshore  providers  in 
Canada.  COOK:  But  we  offer  the 
price  of  India  with  the  prox¬ 
imity  of  the  United  States  — 
that’s  the  differentiator. 

How  does  that  work?  GREEN: 

The  model  is  based  on  making 
a  platform,  if  you  will,  to 
house  these  engineers,  this 
workforce,  which  is  very  close 
to  the  U.S.  but  which  is  in  fact 
not  in  the  U.S.  We  can  pull 
programmers  and  engineers 
from  anywhere  in  the  world.  A 
fact  of  life  is  there  are  differ¬ 
ent  skills  that  are  stronger  in 


BY  CAROL  SLIWA 

MINNEAPOLIS 

Following  the  success  of 
its  software  package  aimed 
at  small  businesses,  Microsoft 
Corp.  last  week  made  its  first 
concerted  effort  to  court 
midsize  companies  with  a 
Windows  Server  System 
promotion. 

Companies  with  25  to  250 
PCs  will  be  targeted  with  the 
new  discounted  offer  for  a  sin¬ 
gle  stock-keeping  unit  (SKU) 
that  combines  three  copies  of 
the  standard  edition  of  Win¬ 
dows  Server  2003,  one  in¬ 
stance  of  Exchange  Server 
2003  Standard  Edition  and  the 
workgroup  edition  of  Micro¬ 
soft  Operations  Manager 
(MOM)  2005.  The  promotion, 
due  to  start  next  month  and 
announced  at  the  company’s 
Worldwide  Partner  Confer¬ 
ence  here,  knocks  about  20% 
off  Microsoft’s  Open  volume 
license  program  prices. 

The  bundle  will  also  include 
50  combination  client  access 
licenses  for  Windows  Server 
and  Exchange  Server  and  dis¬ 
count  options  for  additional 


CALs,  up  to  a  limit  of  250. 

“Microsoft  has  done  fairly 
well  with  the  small-business 
market  by  combining  a  host  of 
SKUs  within  one  integrated 
offering,”  said  Mika  Krammer, 
an  analyst  at  Gartner  Inc. 
“They’ve  dealt  well  with  the 
large  enterprise  market,  which 
has  a  lot  of  its  own  skills  to  se¬ 
lect  and  integrate  technology. 
But  the  midmarket  has  been 
somewhat  underserved  by 
Microsoft.” 

Krammer  said  Microsoft  will 
likely  tweak  the  offering  or 

Windows  Server 
System  Promotion 

WHAT  IT  INCLUDES:  Three 
copies  of  Windows  Server  2003 
Standard  Edition,  and  one  copy 
each  of  Exchange  Server  2003 
Standard  Edition  and  Microsoft 
Operations  Manager  2005  Work¬ 
group  Edition. 


PRICE:  Approximately  $6,400, 
which  includes  50  combination 
CALs  for  Windows  Server  and 
Exchange  Server.  Additional 
CALs  cost  $76,  with  a  limit  of  250. 


add  more  bundled  SKUs  as  it 
figures  out  the  optimal  mid¬ 
market  package.  In  the  mean¬ 
time,  the  existing  promotion 
could  hold  appeal  for  Windows 
Server  users  upgrading  from 
NT  4,  or  for  NetWare  users 
who  are  uneasy  about  follow¬ 
ing  Novell  Inc.’s  Linux  path, 
she  said.  But  a  midsize  compa¬ 
ny  would  have  to  want  all 
three  server  products  in  order 
to  benefit,  Krammer  added. 

MOM  Ices  the  Cake 

MOM’s  price  tag  turned  off 
C.E.  Franklin  Ltd.  in  the  past, 
according  to  David  Curran, 
manager  of  IT  at  the  Calgary, 
Alberta-based  distributor  of 
supplies  to  the  oil  and  gas 
drilling  and  production  indus¬ 
try.  Curran  said  he  would  like 
to  get  MOM  because  it  could 
ease  administration  and  help 
with  system  alerts  at  times  of 
trouble. 

C.E.  Franklin  is  in  the  plan¬ 
ning  stage  to  replace  its  aging 
NT  4  and  Exchange  5.5  servers. 
But  Curran  said  that  with  320 
desktops,  he  will  have  to  deter¬ 
mine  whether  the  promotion 


provides  a  better  price  than 
other  volume  discount  options. 

Realityworks  Inc.  in  Eau 
Claire,  Wis.,  was  afforded  an 
early  opportunity  through 
Microsoft  partner  Inacom  In¬ 
formation  Systems  to  take  ad¬ 
vantage  of  the  midmarket  pro¬ 
motion  to  upgrade  the  NT  4 
and  Exchange  5.5  servers  that 
service  its  58  desktops.  MOM 
was  “icing  on  the  cake,”  said 
Buzz  Burce,  the  company’s 
only  network  administrator. 

Burce  said  that  in  the  past, 
he  had  to  set  up  monitors  and 
alerts  for  each  individual  serv¬ 
er,  but  MOM  will  allow  him  to 
do  that  from  a  central  place. 
“It’s  just  so  much  easier  in  one 
place,”  he  said. 

In  conjunction  with  the  pro¬ 
motion,  Microsoft  is  also  of¬ 
fering  supporting  documenta¬ 
tion  and  tools  to  help  midsize 
businesses  with  their  deploy¬ 
ments.  The  new  guidance  in¬ 
cludes  the  Midsized  Business 
IT  Center  Web  site  within  Mi¬ 
crosoft’s  TechNet  and  a  book 
titled  Windows  Server  System 
Deployment  Guide  for  Mid¬ 
sized  Businesses.  ©  55411 
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SDLT  600  MEMORY  TEST 
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SDLT  600  Results  : 


Cognitive  Memory  Skills  :  Q]  Speed  :  Manageability  : 

High  Capacity  : 


WORM  : 


Compatibility  : 


V  Inf oWorld 


. 

in  repeated  time  trials,  the  SDLT  600  never  reached  the  cheese,  or  even  left  the  starting  line 
for  that  matter.  Perhaps  tapes  don’t  like  cheese.  However,  as  for  data  backup  capacrty  t  e 
SDLT  600  is  a  clear  winner.  It  has  more  capacity  and  more  speed  than  LTO-2  and  AIT-3,  also 
includes  DLTSage1”  diagnostic  management  software  and  DLT/ce”  archival  WORM  functiona  i  y. 
How  do  we  know?  It’s  been  tested.  For  more  info  and  to  see  the  whitepaper,  visit  DLTtape.com. 
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European  Parliament 
Trounces  Patent  Bill 

BRUSSELS 

he  European  Parliament  last 
week  overwhelmingly  rejected  in 
a  648-18  vote  legislation  that  critics 
argued  would  have  allowed  widespread 
patenting  of  software  in  Europe. 

It  has  been  one  of  the  most  contro¬ 
versial  pieces  of  legislation  in  the  his¬ 
tory  of  the  European  Union.  Support¬ 
ers  said  the  measure  was  essential  to 
harmonize  patent  laws  across  the  25 
EU  member  states.  Opponents,  includ¬ 
ing  many  from  the  open-source  soft¬ 
ware  community,  said  that  it  would 
have  allowed  a  wide  range  of  computer 
programs  to  be  patented 
and  that  it  would  have 
given  large  technology 
vendors  too  much  power 
in  the  software  market. 

The  rejection  brings  to 
an  end  four  years  of  work 
on  the  proposal,  and  the 
European  Commission 
has  said  it  won’t  try  to 
draft  a  new  version. 

As  a  result,  patents  for 
computer-related  inven¬ 
tions  “will  continue  to  be 


issued  by  national  patent  offices  and 
the  European  Patent  Office,”  EU  Com¬ 
missioner  Benita  Ferrero-Waldner  said 
after  the  vote.  There  will  be  “no  har¬ 
monization  at  the  EU  level,”  she  said. 

■  SIMON  TAYLOR,  IDG  NEWS  SERVICE 


Undersea  Cable  Cut 
Hampers  Pakistan  Users 

BANGALORE,  INDIA 

A  ship’s  anchor  cut  the  undersea 
cable  that  provides  most  of  Pak¬ 
istan’s  Internet  connectivity  and 
international  telephone  service  on 
June  27,  but  the  difficult  repair  work  is 
under  way  and  is  expected  to  be  com¬ 
pleted  this  week. 

The  damage  to  the 
cable  has  crippled  Pak¬ 
istan’s  economy,  particu¬ 
larly  its  call  center  indus¬ 
try,  banks  and  online 
stock  trading,  said  V.A. 
Abdi,  secretary  of  the  In¬ 
ternet  Service  Providers 
Association  of  Pakistan 
in  Karachi.  The  country 
has  to  make  do  with 
the  lOOMbit/sec.  of 
bandwidth  provided  by 
satellite,  instead  of  the 


775Mb it/sec.  of  bandwidth  that  Pak¬ 
istan  had  before  the  cable  break,  Abdi 
said  in  a  telephone  interview  last 
week. 

The  repair  crew  has  been  hampered 
by  a  monsoon  and  shallow  water  at  the 
site,  which  has  made  it  difficult  to  nav¬ 
igate  the  repair  ship. 

■  JOHN  RIBEIR0,  IDG  NEWS  SERVICE 


Sasser  Worm  Creator 
Convicted  in  Germany 

PARIS 

german  teenager  who  con¬ 
fessed  to  creating  the  Sasser  com¬ 
puter  worm  was  found  guilty  of 
three  counts  of  computer  sabotage  and 
four  counts  of  data  manipulation.  He 
was  given  a  suspended  sentence  of  21 
months. 

Sven  Jaschan,  19,  was  sentenced  at 
the  district  court  in  Verden,  Germany, 
last  week  after  a  brief  trial  [QuickLink 
55302].  Jaschan  was  released  on  three 
years’  probation  and  must  perform  30 
hours  of  community  service,  a  court 
statement  said.  He  could  also  face  civil 
lawsuits  from  companies  whose  IT 
systems  were  infected  by  Sasser,  which 
spread  on  the  Internet  in  May  2004 
and  crashed  hundreds  of  thousands  of 
computers  worldwide  by  exploiting  a 
hole  in  Windows.  ©  55405 
■  PETER  SAYER,  IDG  NEWS  SERVICE 
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GLOBAL  FACT 


Percentage  of  Japanese 
companies  that  have 
some  servers  running  an 
open-source  operating 
system. 

SOURCE:  JAPAN’S  MINISTRY  OF 
INTERNAL  AFFAIRS  AND 
COMMUNICATIONS 


Briefly  Noted 

Wipro  Ltd.,  India’s  third-largest 
software  and  services  outsourcing 
firm,  has  lost  a  key  executive.  The 
Bangalore-based  company’s  vice 
chairman  and  CEO,  Vivek  Paul,  is 
leaving  to  become  a  partner  at 
Texas  Pacific  Group,  a  private  in¬ 
vestment  firm  in  Fort  Worth,  Wipro 
announced  late  last  month. 

■  JOHN  RIBEIR0,  IDG  NEWS  SERVICE 


The  Peacock  Group  PLC,  a  fast¬ 
growing  clothing  and  housewares 
retailer  based  in  Cardiff,  Wales,  has 
selected  fraud-detection  software 
from  Innovetra  Ltd.,  a  retail  business 
intelligence  software  vendor  in  Lon¬ 
don.  The  software  analyzes  point- 
of-sale  data  overnight  and  reports 
suspicious  activity  the  next  morning. 


China’s  Sino-lndia  Cooperative 
Office  recently  announced  a  joint 
venture  with  Microsoft  Corp.  and 
Tata  Consultancy  Services  Ltd.,  an 
outsourcing  firm  based  in  Mumbai, 
India,  to  offer  IT  outsourcing  ser¬ 
vices  to  global  and  domestic  cus¬ 
tomers.  The  venture  will  start  early 
next  year  at  Beijing’s  Zhongguan- 
cun  Software  Park. 


Oracle  to  Acquire  Another  Retail  Software  Maker 

ProfitLogic  purchase  follows  Retek  buy 


BY  STACY  COWLEY 
AND  CAROL  SLIWA 

Oracle  Corp.  last  week  contin¬ 
ued  its  foray  into  the  retail  in¬ 
dustry  with  a  deal  to  acquire 
privately  held  ProfitLogic  Inc., 
a  Cambridge,  Mass.-based  de¬ 
veloper  of  profit  optimization 
software  for  retailers.  Finan¬ 
cial  terms  weren’t  disclosed. 

The  acquisition  follows 
Oracle’s  high-profile  purchase 
of  retail  ERP  software  maker 
Retek  Inc.  for  about  $670  mil¬ 
lion  in  April  [QuickLink 
53620].  ProfitLogic  makes 
software  that  analyzes  factors 
such  as  inventory,  pricing  and 
promotions  to  help  retailers 
optimize  their  financial  strate¬ 
gies  and  improve  their  profit 
margins. 

Montreal-based  Reitmans 


Canada  Ltd.,  a  retail  chain 
with  nearly  900  stores  across 
Canada,  uses  software  from  all 
three  companies  that  Oracle 
acquired  this  year  —  People- 
Soft,  Retek  and  ProfitLogic. 
The  specialty  retailer  had 
good  experiences  during  the 
PeopleSoft  and  Retek  acquisi¬ 
tions,  so  it’s  happy  about  the 
ProfitLogic  purchase,  said  Di¬ 
ane  Randolph,  director  of  mer¬ 
chandising  business  processes. 

“We  trust  they  know  how  to 
acquire  and  merge  businesses 
while  still  maintaining  their 
customer  service,”  said  Ran¬ 
dolph.  She  added  that  before 
the  acquisitions,  “our  IT  shop 
was  forced  to  do  a  lot  of  inte¬ 
gration  between  these  differ¬ 
ent  pieces.  Now  we  can  expect 
a  lot  more  of  that  integration 


to  come  with  the  solution.” 

Reitmans  is  in  the  process 
of  rolling  out  ProfitLogic  soft¬ 
ware  for  “assortment  execu¬ 
tion,”  to  get  “the  right  goods 
at  the  right  time  in  the  right 
stores,”  Randolph  noted. 

She  acknowledged  that  Reit- 


AT  A  GLANCE 


Customer  Gains 

Oracle  will  be  acquiring 
ProfitLogic’s  relationships  with 
high-profile  retail  customers 
such  as  these: 

■  GAP  INC. 

■  SEARS,  ROEBUCK  AND  CO. 

■  BLOOMINGDALE’S  INC. 

■  J.C.  PENNEY  CO. 

■  BURLINGTON  COAT  FAC¬ 
TORY  WAREHOUSE  CORP. 


mans  will  now  be  more  de¬ 
pendent  on  one  vendor  and 
could  lose  some  negotiating 
power  in  terms  of  pricing. 

“But  we’re  confident  that 
Oracle  will  respond  appropri¬ 
ately,  because  they  are  still 
facing  competition  from  SAP 
and  others,”  she  said. 

A  Good  Fit 

ProfitLogic  is  a  smart  pur¬ 
chase  for  Oracle,  according  to 
retail  analyst  Alexi  Sarnevitz 
at  AMR  Research  Inc.  He  said 
that  ProfitLogic’s  analytics 
software  is  among  the  most 
sophisticated  in  the  industry 
and  that  it  will  be  complemen¬ 
tary  to  Retek’s  capabilities. 

Before  buying  Retek,  Oracle 
had  a  limited  presence  in  the 
retail  industry.  Now,  in  a  mat¬ 
ter  of  months,  it  has  positioned 
itself  as  a  major  vendor  in  the 


sector,  where  rival  SAP  AG 
also  competes.  Oracle  very 
publicly  snatched  Retek  away 
from  SAP  in  a  bidding  war. 

Richard  Flaks,  senior  vice 
president  of  planning,  alloca¬ 
tion  and  IT  at  The  Children’s 
Place  Retail  Stores  Inc.,  said 
he’s  still  digesting  the  acquisi¬ 
tion  news  and  wants  to  talk  to 
ProfitLogic  “to  get  an  under¬ 
standing  of  why  this  is  good 
for  us.”  The  Secaucus,  N.J.- 
based  retailer  is  “in  the 
eleventh  hour”  of  implement¬ 
ing  ProfitLogic  software  for 
markdown  optimization. 

“I’m  hoping  that  we  don’t 
lose  the  charm  of  ProfitLogic,” 
he  said.  “They’re  small  and 
very  services-oriented.  I’m 
hoping  there  will  be  some 
benefits  of  leveraging  the 
power  of  a  large  organization.” 
©  55409 


Cowley  writes  for  the  IDG 
News  Service. 


OWE 


SAS®  SOFTWARE  AND  INTEL® 

ITANIUM®  2  PROCESSOR-BASED  SERVERS 


■  I 

■  V  j 

SAS  and  Intel  give 

PFIZER  HEALTH 
SOLUTIONS  INC 


The  Power  to  Know* 
how  to  help  its  clients 
provide  effective  healthcare 
to  more  than  a  half-million 
patients.  Read  our  success 
story  at  www.sas.com/phs. 

V  _ J 


Power  users  have  been  tapping  into  SAS’  unmatched  breadth  and  depth  of  analytics  for  years  to  drive  their 
organizations  forward.  Now  innovation  can  come  from  anyone,  anywhere  in  your  company.  While  most 
Bl  vendors  deliver  historical  reporting  solutions,  SAS®  business  intelligence  and  analytics  software  -  on 
Intel®  Itanium®  2  processor-based  servers  -  empowers  you  to  predict  outcomes  and  make  more  effective 
decisions  throughout  your  enterprise.  SAS  takes  you  Beyond  Bl ™  by  making  it  easy  to  put  the  power  to 
know  in  the  hands  of  everyone. 

^  go  Beyond  Bl™  at  www.sas.com/Bltour  ■  Free  product  tour 


SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration.  Other  brand  and  product  names  are  trademarks  ot  their  respective  companies.  ©  2005  SAS  Institute  tnc. 
All  rights  reserved.  ©  2005  Intel  Corporation.  All  rights  reserved.  Intel,  the  Intel  logo,  and  Itanium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  329693US.0505 
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IBM  Adds  Software 
For  Gov’t  Agencies 


IBM  announced  last  week  a  ver¬ 
sion  of  its  financial  controls  com¬ 
pliance  software  that’s  designed 
to  help  U.S.  government  agencies 
meet  an  Oct.  1  deadline  for  better 
financial  reporting.  The  new  ver¬ 
sion  of  IBM’s  Workplace  for  Busi¬ 
ness  Controls  and  Reporting  soft¬ 
ware  is  aimed  at  federal  agencies 
that  have  to  comply  with  White 
House  Office  of  Management  and 
Budget  regulations  similar  to 
those  of  the  Sarbanes-Oxley  Act. 


Linux  Vendors  Issue 
Critical  Patches 

Gentoo  Foundation  Inc.  has 
warned  of  a  serious,  unpatched 
security  flaw  in  Zlib,  a  compres¬ 
sion  library  widely  used  in  Linux 
and  Unix  applications.  The  bug 
could  be  exploited  to  crash  any 
application  using  Zlib  and  to  run 
malicious  code  on  a  system,  se¬ 
curity  experts  warned.  Ubuntu, 
Red  Hat  Inc.,  Gentoo,  SUSE  Linux 
AG,  the  Debian  Project  and  The 
FreeBSD  Foundation  have  issued 
their  own  patches  to  the  library. 


Study:  Threat  of  IM 
Attacks  Increasing 

A  study  released  last  week  found 
that  hackers  and  virus  writers  are 
increasingly  exploiting  the  oppor¬ 
tunities  presented  by  instant-mes- 
saging-based  attacks.  The  number 
of  IM  attacks  such  as  viruses, 
worms  and  phishing  scams  has  in¬ 
creased  from  20  for  all  of  2004  to 
571  in  the  second  quarter  of  2005 
alone,  said  security  vendor  IMIogic 
Inc.,  which  conducted  the  study. 


Short  Takes 

CURRENT  COMMUNICATIONS 
GROUP  LLC,  a  provider  of  broad- 
band-over-power-line  service, 
has  received  funding  from  Google 
Inc.,  Goldman  Sachs  &  Co.  and 
The  Hearst  Corp. . . .  SIEBEL 
SYSTEMS  !NC.  warned  of  another 
set  of  grim  quarterly  results.  It 
blamed  delayed  deals,  particularly 
in  the  public  sector. 
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London 

diction  for  dealing  with  these 
kinds  of  issues”  for  some  time 
now,  said  Jack  Riley,  an  analyst 
at  Rand  Corp.  in  Santa  Moni¬ 
ca,  Calif.  Ever  since  a  series  of 
Irish  Republican  Army  bomb¬ 
ings  in  London’s 
subways  in  the 
1970s,  the  city  has 
been  seen  as  a 
model  when  it 
comes  to  protect¬ 
ing  public  transit 
systems,  he  said. 

“The  fact  that  terrorists 
were  able  to  carry  out  some¬ 
thing  like  this  in  London  is  an 
indication  of  how  difficult  it  is 
to  predict  and  prevent  this 
kind  of  attack,”  Riley  said. 

A  series  of  four  explosions 
rocked  London’s  public  trans¬ 
port  system  on  Thursday, 
killing  at  least  50  people  and 
injuring  700  more.  Three  of 
the  explosions  occurred  on 
London’s  underground  com¬ 
muter-rail  system,  while  the 
fourth  ripped  through  a  dou¬ 
ble-decker  bus. 

On  Alert 

A  lot  of  “common-sense  mea¬ 


tools  for  monitoring  tracks, 
cars  and  engines;  and  com- 
mand-and-control  tools  to 
centrally  manage  security, 
according  to  experts. 

At  a  national  level,  the 
amount  needed  for  such  in¬ 
creased  security  is  around 
$6  billion,  according  to  the 
American  Public  Transporta¬ 
tion  Association 
(APTA),  a  non¬ 
profit  group  of 
1,500  member 
organizations  in 
Washington. 

So  far,  the  public 
transportation  in¬ 
dustry  has  received  only  $250 
million  in  federal  security 
funding  since  9/11,  compared 
with  the  more  than  $18  billion 
that  has  been  provided  to  the 
aviation  industry,  the  APTA 
said  in  a  statement  released 
after  the  London  bombings. 

“Since  9/11,  the  federal  gov¬ 
ernment’s  funding  of  transit 
security  has  been  woefully  in¬ 


adequate,”  APTA  President 
William  Millar  said  in  the 
statement. 

Mark  Short,  a  spokesman  for 
the  U.S.  Department  of  Home¬ 
land  Security,  said  the  APTA 
numbers  “grossly  underesti¬ 
mate”  the  investments  made  in 
transit  security.  For  instance, 
more  than  $8  billion  has  been 
disbursed  to  state  and  local 
governments  for  use  in  anti¬ 
terrorism  measures,  including 
rail,  metro  and  subway  systems. 

Some  of  the  security  tech¬ 
nologies  being  considered  by 
the  aviation  industry  are  im¬ 
practical  for  the  public  transit 
sector,  Riley  said.  For  instance, 
after  the  Madrid  bombings, 
U.S.  officials  considered  using 
technology  capable  of  “sniff¬ 
ing”  passengers  for  the  pres¬ 
ence  of  explosives. 

“We  are  at  least  a  decade 
away  before  we  can  even 
imagine  using  it  in  the  context 
of  mass  transportation”  be¬ 
cause  of  the  number  of  people 


involved,  Riley  said.  The  same 
is  true  for  other  technologies 
being  eyed  by  the  aviation  in¬ 
dustry,  including  continuous 
air-sampling  tools  and  jam¬ 
ming  products  designed  to 
prevent  explosive  devices 
from  being  remotely  triggered. 

The  degree  to  which  rail 
systems  are  trying  to  address 
the  problem  varies  widely 
across  the  country,  said  Henry 
Nocella,  chairman  of  the 
standing  consul  on  global  ter¬ 
rorism  at  ASIS  International, 
an  Alexandria,  Va.-based  secu¬ 
rity  organization  with  33,000 
members.  “The  simple  fact  is 
that  progress  has  been  made, 
but  it  is  sporadic  and  it  is  not 
consistent,”  he  said. 

Ultimately,  the  emphasis 
has  to  be  on  emergency  re¬ 
sponse  as  well  as  prevention, 
said  Bruce  Schneier,  chief 
technology  officer  at  Counter¬ 
pane  Internet  Security  Inc. 
in  Mountain  View,  Calif. 

O  55438 


Attack  in  U.S.  Would  Tax  Emergency 
Tracking  for  Mobile  Phone  Users 


MORE  ONUNE 

Go  to  our  Web  site  for 
additional  coverage  of  the 
London  terror  attack: 

O  QuickLink  a6500 
www.computerworld.com 


sures”  have  been  taken  in  the 
U.S.  since  Sept.  11,  2001,  and 
the  Madrid  bombings  in 
March  2004  to  better  protect 
public  transit  systems  against 
such  attacks,  said  Daniel 
Prieto,  research  director  of  the 
Homeland  Security  Partner¬ 
ship  Initiative  at  the  Belfer 
Center  for  Science  and  Inter¬ 
national  Affairs  at  Harvard 
University. 

Those  measures  include  the 
deployment  of  more  security 
guards  and  bomb-sniffing 
dogs,  public-awareness  cam¬ 
paigns  and  the  installation 
of  better  lighting  and  video¬ 
surveillance  cameras  in  sta¬ 
tions,  he  said. 

“But  if  you  go  out  and  talk 
to  transit  authorities  nation¬ 
wide,  the  biggest  impediment 
to  better  security  is  a  lack  of 
funding,”  Prieto  said. 

Increasingly,  transit  authori¬ 
ties  are  looking  for  more  mon¬ 
ey  for  cameras;  fences;  hard¬ 
ened  tunnels;  intrusion-  and 
radiation-detection  systems; 


IF  ATTACKS  SIMILAR  to  those 
that  occurred  last  week  in  Lon¬ 
don  were  to  happen  in  the  U.S., 
it  would  be  difficult  for  emer¬ 
gency  crews  to  locate  people  try¬ 
ing  to  summon  help  via  their  cell 
phones,  according  to  experts. 

Despite  efforts  after  the  Sept. 
11, 2001,  terrorist  attacks  to  beef 
up  mobile  services  so  cell 
phones  could  be  used  to  help 
track  down  people,  “we’re  in  a 
sad  state  of  affairs  in  the  U.S.,’’ 
said  Jack  Sold,  an  independent 
analyst  at  J.  Gold  Associates  in 
Northboro,  Mass.  “If  we  faced  a 
major  disaster  like  London  and 
had  to  locate  injured  people  on 
cell  phones  today,  maybe  one  or 
two  could  be  located,  but  the 
system  couldn’t  handle  hun¬ 
dreds  of  calls. 

“Location  [tracking]  is  not  an 
easy  thing  to  do,”  he  added. 

Part  of  the  problem  with  using 
enhanced  911  (E911)  wireless 
services  would  be  too  many 
people  making  calls  at  the  same 
time,  Gold  said.  Also,  technical 


complexities  and  costs  have 
slowed  efforts  by  wireless  carri¬ 
ers  to  implement  automatic  sys¬ 
tems  that  could  be  used  to  lo¬ 
cate  cell  phone  callers,  Gold  and 
other  experts  said. 

“It’s  a  very  difficult  problem, 
given  the  wireless  infrastruc¬ 
ture,"  Gold  said.  “Don’t  count  on 
being  rescued  with  your  wireless 
phone  unless  you  know  exactly 
where  you  are"  and  can  tell  an 
emergency  operator  clearly. 

Not  There  Yet 

Colleen  Boothby,  an  attorney  at 
Levine,  Blaszak,  Block  &  Booth¬ 
by  LLP  in  Washington,  said  wire¬ 
less  E911  is  “a  lot  better  than  it 
was  five  years  ago,”  but  she 
agreed  that  the  service  isn’t 
where  public  officials  want  it  to 
be  because  of  some  “very  tech¬ 
nical  issues." 

:  E911  tracking  will  become  es- 

•  pecially  complex  for  voice-over- 

:  IP  phones,  which  can  be  wired 
or  wireless.  Boothby  and  Gold 
said.  The  Federal  Communica- 


:  tions  Commission  in  May  set 
minimum  standards  to  help  de- 
:  termine  the  location  of  VoIP 
:  users,  such  as  requiring  VoIP 
providers  to  record  a  street  ad¬ 
dress  for  a  user  when  he  signs 
:  up  for  service. 

The  dilemma  of  tracking  cell 
phone  users  has  led  to  new 
technologies,  including  one  to 
be  developed  through  a  collabo¬ 
ration  announced  last  week  be¬ 
tween  Telecommunication  Sys¬ 
tems  Inc.  (TCS)  in  Annapolis, 
Md„  and  Skyhook  Wireless  Inc. 
in  Boston.  Skyhook’s  Wi-Fi  Posi¬ 
tioning  System  will  be  integrated 
with  routing  technology  in  TCS’s 
VoIP  E911  service,  said  Skyhook 
CEO  Ted  Morgan. 

Skyhook  locates  and  records 
thousands  of  Wi-Fi  access 
points  in  major  cities  and  keeps 
them  in  a  database,  so  when  a 
;  Wi-Fi  call  is  made,  the  location 
of  the  access  point  and  others 
•  nearby  can  be  sent  to  emer¬ 
gency  personnel,  Morgan  said. 

-Matt  Hamblen 
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Positive  mad  cow 
test  prompts  call 
to  add  resources 

BY  MARC  L.  SONGINI 

N  AUTOMATED  na¬ 
tional  system  for 
tracking  animals 
seems  years  away 
from  being  operational  be¬ 
cause  of  numerous  challenges. 
But  some  experts  are  pushing 
the  U.S.  to  quicken  the  pace, 
since  a  cow  tested  positive 
for  bovine  spongiform  en¬ 
cephalopathy  (BSE),  or  mad 
cow  disease,  last  month  in 
Iowa. 

Although  the  Department  of 
Agriculture  has  been  actively 
working  on  a  livestock-track¬ 
ing  program  since  2003,  the 
U.S.  continues  to  lag  behind 
beef-producing  rivals  such  as 
Japan,  Australia  and  the  U.K. 
[QuickLink  43786]. 

“The  bottom  line  is  that  the 


ID  System  in  the  Works 

The  USDA  project,  dubbed 
the  National  Animal  Identifi¬ 
cation  System  (NAIS),  was  of¬ 
ficially  launched  after  the  dis¬ 
covery  of  a  case  of  mad  cow 
disease  in  Washington  state  in 
2003  [QuickLink  43792],  The 
department  is  drafting  a  strate¬ 
gic  plan  and  program  specifi¬ 
cations;  the  deadline  for  public 
comments  was  last  week. 

So  far,  the  big  challenges 
are  securing  adequate  funding 
and  selecting  the  right  tech¬ 
nology. 

Although  there  is  no  official 


technologies  such  as  optical 
scanning  are  also  being  re¬ 
searched. 

The  USDA  says  a  fully  oper¬ 
ational  system  is  slated  to  be 
ready  in  2009,  when  partici¬ 
pants  will  be  required  to  have 
both  their  premises  and  ani¬ 
mals  logged  into  a  national 
database  that  will  enable  a 
complete  trace  within  48 
hours. 

But  the  effort  to  reach  that 
goal  still  faces  considerable 
problems,  according  to  indus- 


U.S.  Effort  to  Create 


Animal 


ID  System  Lags 


program  needs  to  move  ahead 
more  quickly  than  it  is,”  said 
Dee  Von  Bailey,  an  agro-econo¬ 
mist  at  Utah  State  University 
in  Logan,  Utah.  “If  additional 
cases  of  BSE  are  confirmed  in 
the  U.S.,  it  will  provide  addi¬ 
tional  incentives  to  accelerate 
the  implementation  of  the 
program,”  he  said. 


estimate,  some  observers  have 
pegged  the  long-term  cost  of 
the  NAIS  project  at  $600  mil¬ 
lion  or  more.  Cattle  ranchers 
expect  the  system  to  be  based 
primarily  on  radio  frequency 
identification  (RFID)  tags, 
though  the  USDA  says  other 


try  insiders. 

To  date,  adequate  funding 
for  the  program  hasn’t  been 
allocated,  said  Jess  Petersen, 
director  of  government  rela¬ 
tions  at  the  Ranchers-Cattle- 
men  Action  Legal  Fund,  Unit¬ 
ed  Stockgrowers  of  America,  a 
trade  and  marketing  group  in 
Washington. 

A  USDA  spokeswoman  said 
the  government  appropriated 
$33  million  for  the  project  in 
2005,  with  another  $33  million 
included  in  the  White  House’s 
2006  budget.  She  added  that 
the  agency  will  let  the  indus¬ 
try  decide  on  the  technology. 

“There  is  still  a  major  de¬ 
bate  going  on  in  the  industry,” 
Robert  Fourdraine,  chief  oper¬ 
ating  officer  of  the  Wisconsin 
Livestock  Identification  Con¬ 
sortium  and  a  member  of  the 
NAIS  subcommittee,  said  in  an 
e-mail.  “Certain  groups  feel 
USDA  is  going  too  fast,  while 
others  think  too  slow.” 

Participants  in  the  effort  to 
create  the  ID  system  exist  in 
every  state  and  include  vari¬ 
ous  industry  associations  and 
cattle-raising  Native  American 
tribes,  the  USDA  spokes¬ 
woman  said.  ©  55396 


Previews  CRM  3.0 


Microsoft 

New  version  will 
have  database 
marketing  module 

BY  PETER  SAYER  AND 
STACY  COWLEY 

Microsoft  Corp.  last  week  out¬ 
lined  plans  to  release  a  new 
version  of  its  CRM  software  in 
the  fourth  quarter  of  this  year. 
The  upgrade  will  feature  one 
module  for  managing  direct 
marketing  campaigns  and  an¬ 
other  for  scheduling  person¬ 
nel  and  resources. 

The  new  version  is  a  leap 
forward  in  numbering,  too: 
Microsoft  is  jumping  directly 
from  the  current  Version  1.2  to 
Version  3.0. 

Customers  will  be  able  to 
use  Microsoft  CRM  3.0  either 
as  a  packaged  product  run  in- 
house  or  as  a  hosted,  subscrip¬ 
tion-based  service. 


Analysts  said  the  new  ver¬ 
sion,  which  will  begin  ship¬ 
ping  to  Microsoft  partners 
this  month,  may  finally  make 
Microsoft’s  CRM  offering 
competitive  with  other  mid¬ 
market  CRM  systems. 

“The  new  product  has  fixed 
a  lot  of  the  holes,”  said  Sheryl 
Kingstone,  an  analyst  at  The 
Yankee  Group. 

For  example,  in  response  to 
requests  from  users,  the  new 
version  looks  more  like  Micro¬ 
soft’s  widely  used  Outlook 
personal  information  manager, 
said  Brad  Wilson,  general 
manager  of  Microsoft  CRM. 

A  couple  of  Microsoft  CRM 
1.2  customers  said  they’re 
looking  forward  to  3.0’s  new 
features,  particularly  the  tight 
Outlook  integration. 

Darryl  Nitke,  CIO  at  Cosa 
Instruments  Corp.,  a  distribu¬ 
tor  of  sensors,  meters  and  in¬ 


dustrial  controls  in  Yaphank, 
N.Y.,  said  he  wants  to  be  able 
to  create  a  task  in  the  CRM 
application  and  see  the  data 
replicated  in  his  Outlook  cal¬ 
endar  automatically. 

Nitke  said  another  feature 
in  CRM  3.0  will  enable  sales¬ 
people  to  better  manage  their 
prospects  by  permitting  every 
recorded  contact  with  a  client 
to  be  aggregated  and  arranged 
chronologically. 

He  added  that  native  sup¬ 
port  for  this  feature  could 
eliminate  the  need  for  a  third- 


H  [Microsoft 
CRM  3.0] 
has  fixed  a  lot  of 
the  holes. 


SHERYL  KINGSTONE,  ANALYST. 
THE  YANKEE  GROUP 


party  tool  that  costs  $50  per 
seat. 

The  new  version’s  ability  to 
do  more  detailed  scheduling 
and  its  database  schema  ex¬ 
tension  are  of  great  interest 
to  Rick  Shrum,  director  of  IT 
for  the  Seattle  SuperSonics 
and  Seattle  Storm  basketball 
teams. 

However,  Shrum  said  that 
he  has  questions  about  what 
the  process  of  upgrading  from 
1.2  to  3.0  will  be  like. 

Microsoft  is  still  deciding 
how  the  new  modules  will  be 
priced  and  packaged,  accord¬ 
ing  to  Wilson. 

The  decision  to  skip  ahead 
to  Version  3.0  reflects  the 
magnitude  of  the  updates,  he 
said.  Late  last  year,  Microsoft 
was  preparing  to  release  CRM 
2.0,  but  feedback  from  part¬ 
ners  during  alpha  testing  con¬ 
vinced  Microsoft  to  delay  the 
software  to  add  new  features, 
Wilson  said. 

“A  lot  of  what  our  partners 
had  asked  for  were  things  that 


were  already  in  our  3.0  road 
map,”  he  said. 

Microsoft  claimed  that 
about  4,000  organizations  are 
running  Microsoft  CRM,  and 
some  analyst  research  sug¬ 
gests  that  the  number  could 
grow  rapidly. 

In  a  recent  Forrester  Re¬ 
search  Inc.  survey  of  1,000 
small  and  midsize  businesses, 
Microsoft  was  the  vendor 
most  commonly  named  by  re¬ 
spondents  who  said  they’re 
evaluating  CRM  software,  For¬ 
rester  analyst  Liz  Herbert  said. 

Customers  have  had  a  long 
wait  for  Microsoft’s  CRM  up¬ 
date;  Version  1.2  came  out  in 
December  2003. 

Microsoft  said  it  will  release 
CRM  3.0  to  existing  users  in 
the  fourth  quarter  and  sell  it 
to  new  customers  in  the  first 
quarter  of  next  year.  ©  55398. 


Sayer  and  Cowley  write  for  the 
IDG  News  Service.  Computer- 
world’s  Marc  L.  Songini  con¬ 
tributed  to  this  article. 
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Financial  Firms  to  Share  Identity  Theft  Data  With  FTC 


Information  sharing  is  expected  to  help 
police  with  cross-border  investigations 


BY  GRANT  GROSS 

WASHINGTON 

A  U.S.  center  that  helps  vic¬ 
tims  of  identity  theft  plans  to 
share  consumer  complaint  in¬ 
formation  with  the  Federal 
Trade  Commission  and  law 
enforcement  agencies  to  im¬ 
prove  investigations. 

The  Identity  Theft  Assis¬ 
tance  Center  (ITAC)  will  be¬ 
gin  sharing  information  such 
as  the  types  of  scams  reported 
and  suspected  offenders  iden¬ 
tified  by  victims,  the  center 
announced  last  week.  The 
ITAC  is  supported  by  48  large 
financial  services  companies. 

The  center  plans  to  provide 


the  FTC  with  that  information 
in  about  six  weeks.  The  FTC, 
in  turn,  will  share  the  data 
with  law  enforcement  agen¬ 
cies  across  the  U.S. 

ITAC  officials  hope  such 
information  sharing  will  help 
police  investigate  identity 
theft  crimes,  according  to 
Anne  Wallace,  executive  di¬ 
rector  of  Identity  Theft  Assis¬ 
tance  Corp.,  the  Washington- 
based  nonprofit  organization 
that  operates  the  center. 

The  ITAC  will  share  infor¬ 
mation  only  when  victims  give 
their  permission,  she  said. 

In  many  cases  of  identity 
theft,  local  law  enforcement 


agencies  don’t  have  informa¬ 
tion  about  identity  theft  inves¬ 
tigations  in  bordering  counties 
or  cities,  Wallace  said. 

With  millions  of  identity 
theft  cases  reported  in  the  U.S. 
each  year,  small  cases  that 
have  no  obvious  links  to  other 
local  cases  can  end  up  on  an 
investigative  back  burner, 
she  said. 

Getting  the  Big  Picture 

Investigators  “don’t  have  the 
big  picture  in  many  cases,” 
Wallace  said.  “The  goal  is  to 
allow  investigators  to  find 
more  than  one  case  —  to 
make  links  between  multiple 
cases.” 

In  the  past,  financial  ser¬ 
vices  companies  often  shared 
identity  theft  data  with  local 


Identity  Theft  Hot  Spots 


States  with  the  most  incidents 
of  identity  theft  per  capita: 


law  enforcement  agencies,  but 
there  was  no  national  data- 
sharing  effort,  she  said. 

The  FTC  and  ITAC  have 
had  a  working  relationship 
since  the  center  was  founded 
in  October  2003,  Wallace  said. 

The  FTC  also  has  relation¬ 
ships  with  about  1,200  law  en¬ 
forcement  agencies  across  the 


U.S.,  added  Lois  Greisman,  an 
associate  director  in  charge  of 
the  identity  theft  program  at 
the  FTC. 

The  ITAC  is  supported 
by  members  of  the  industry 
group  The  Financial  Services 
Roundtable  and  its  IT  sister 
organization,  BITS.  ITAC’s 
goal  is  to  help  victims  of 
identity  theft  resolve  their 
problems. 

Among  the  supporting  com¬ 
panies  are  BB&T  Corp.,  Ford 
Motor  Credit  Co.,  MBNA 
Corp.,  U.S.  Bancorp  and  Wells 
Fargo  &  Co.  O  55397 


Gross  writes  for  the  IDG 
News  Service. 


READ  MORE  ONLINE 

More  news  about  data  protection  can  be 
found  at  our  Security  Knowledge  Center: 
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DON  TENNANT 


Just  Imagine 


TEND  TO  HAVE  a  favorite  quote  in  each 
week’s  issue  —  one  that  conveys  a  fact  of  life 
in  a  few  simple  words.  Last  week,  I  found  it 
in  Gary  Anthes’  story  “Love  that  ‘Legacy’  ” 
[QuickLink  55070],  where  Northrop  Grumman 
Ship  Systems  CIO  Jan  Rideout  cautioned  against  ex¬ 
pectations  of  big  maintenance  cost  savings  by  mov¬ 
ing  applications  off  a  mainframe. 

“That’s  overhyped  by 


the  suppliers  who  want  to 
encourage  you  to  replace 
your  mainframe  systems,” 

Rideout  said. 

She’s  right,  of  course. 

So  few  vendors  are  mak¬ 
ing  money  off  of  main¬ 
frames  that  there’s  a  con¬ 
certed  effort  afoot  to  con¬ 
vince  you  to  abandon 
them.  The  easiest  way  to 
do  that  is  to  create  a  buzz 
that  positions  mainframes 
as  dinosaurs  and  the  person  who 
supports  them  as  a  troglodyte  who 
would  dent  a  blade  server  if  he 
bumped  his  head  on  it. 

It  has  gotten  to  the  point  where 
some  vendors  who  make  money  off 
of  mainframe  hardware  and  software 
are  embarrassed  to  admit  it.  How  are 
they  supposed  to  position  them¬ 
selves  as  suppliers  for  tomorrow’s 
technology  without  intentionally 
coughing  over  the  word  mainframe ? 

Fortunately,  that’s  not  IT’s  prob¬ 
lem.  IT’s  problem  is  supporting  the 
business,  and  mainframes  are  going 
to  play  a  central  role  in  doing  that 
indefinitely.  True,  there  are  legiti¬ 
mate  reasons  to  migrate  certain  ap¬ 
plications  off  of  mainframes  when 
business  needs  change.  That’s  what 
happened  at  Northrop  Grumman. 
From  a  technical  standpoint,  there 
was  no  reason  to  replace  the  old 
code.  “The  mainframe  environment 
is  very  secure,  configuration  man¬ 
agement  is  excellent,  and  we  have 
excellent  tools,”  Rideout  says.  Proc¬ 
ess  improvements  such  as  introduc¬ 
ing  wireless  devices  that  needed  to 


don  tennant  is  editor  in 
chief  of  Computerworld. 
You  can  contact  him  at 

donjennant® 

computerworld.com. 


be  integrated  with  back¬ 
end  systems  prompted 
Northrup  Grumman’s 
Ship  Systems  unit  to  re¬ 
place  some  old  Cobol 
and  Fortran  code  with  an 
SAP  package. 

But  the  vast  majority 
of  business  data  still  re¬ 
sides  on  Cobol-based 
systems  (70%  is  a  widely 
accepted  figure),  and  it’s 
silly,  if  not  irresponsible, 
for  anyone  to  marginal¬ 
ize  that  fact.  As  much  as  the  vendors 
with  a  vested  interest  in  mainframe¬ 
bashing  would  love  to  see  that  old 
code  vanish,  it’s  just  not  happening. 

The  reason  is  simple.  The  stuff 
works,  and  it  works  really  well. 

Rideout  is  unwilling  to  let  the 
knowledge  gained  through  the  cre¬ 


ation  and  operation  of  those  “legacy” 
systems  go  to  waste.  Instead,  she  fos¬ 
ters  an  environment  in  which  older 
workers  share  their  knowledge  with 
their  younger  counterparts. 

“Once  people  get  over  the  it’s-my- 
father’s-Cobol  thing,”  Rideout  says, 
“the  young  kids  can  be  a  little  open- 
minded  and  get  into  these  older  sys¬ 
tems  and  see  that  there  are  some 
interesting  aspects  to  them.” 

A  veteran  systems  engineer  who 
wrote  to  us  after  reading  Anthes’  ar¬ 
ticle  explained  the  significance  of 
that  with  the  clarity  that  only  some¬ 
one  in  the  trenches  really  can. 

“Just  imagine  a  hardware  system 
with  today’s  cost-effective  gigahertz 
cycle  time  and  gigabytes  of  cost- 
effective  memory  running  a  system 
as  bulletproof  and  secure  as  z/OS,  as 
flexible  as  z/VM,  with  networking 
control  like  Unix,  the  development 
power  of  Java  and  a  user  interface 
like  Windows!”  he  wrote.  “That’s 
what  we  could  have  had  by  now  if 
the  young  folks  would  have  taken 
the  time  to  learn  from  the  past.” 

Yeah.  Just  imagine.  ©  55414 


DAVID  MOSCHELLA 

China,  India: 
Here  We 
Go  Again 

These  days,  it’s  hard  to 
attend  an  IT  industry 
conference  or  sift 
through  the  global  business 

news  without  being  subjected  to  dire 
warnings  about  the  rising  power  of 
India  and  China.  Growing  U.S.  trade 
deficits,  the  appeal  of  offshore  soft¬ 
ware  development  and  even  the  rising 
price  of  oil  all  speak  to  the  emergence 
of  competitive  challenges.  Yet  while 
these  issues  can’t  be  lightly  dismissed, 
to  assess  their  ultimate  significance 
we  should  start  with  the  question, 
“Haven’t  we  heard  all  of  this  before?” 

At  the  United  Nations  in  1956,  when 
Nikita  Kruschev  banged  his  shoe  and 
screamed  “We  will  bury  you!”  at  the 
U.S.  representatives,  lots  of  “experts” 
believed  him.  Many 
pundits  thought  that 
centrally  managed 
economies  would 
prove  to  be  superior 
—  a  belief  that  lasted 
for  several  decades. 

Of  course,  it  was  the 
USSR  that  found  it- 
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self  buried  in  the 
dustbin  of  history. 

During  the  1970s 
and  ’80s,  it  was 
Japan’s  turn.  After 
Japan  took  over  the 
global  consumer 
electronics  market 
and  much  of  the  car  industry,  many 
proclaimed  that  with  its  close  busi¬ 
ness/government  cooperation,  its  in¬ 
terlocking  corporate  ownership  struc¬ 
tures  and  its  long-term  market  views, 
Japan  and  the  other  Asian  “tigers”  had 
discovered  a  superior  form  of  capital¬ 
ism.  Ezra  Vogel’s  Japan  as  Number  One 
and  Clyde  Prestowitz’s  Trading  Places 
were  required  reading.  Of  course,  in 
1989,  the  Japanese  economic  bubble 
burst,  and  many  of  Japan’s  “strengths” 
are  now  recognized  as  weaknesses. 

In  the  1990s,  we  heard  about  the 
emerging  European  superstate.  Europe 
was  already  the  world’s  largest  econo¬ 
my,  and  many  claimed  that  its  strong 
social  safety  net  and  public  sector 
would  expose  the  weaknesses  of  the 
U.S.’s  relatively  laissez  faire  approach. 
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In  his  influential  book  Head  to  Head, 
MIT  economist  Lester  Thurow  argued 
that  Europe  was  best  positioned  to  win 
the  21st  century  race  for  economic 
leadership.  Today,  much  of  “old”  Eu¬ 
rope  is  economically  stagnant;  political 
integration  has  halted,  and  even  the  fu¬ 
ture  of  the  euro  is  uncertain. 

This  history  demonstrates  the 
healthy  U.S.  market  for  excessive 
rhetoric  about  global  competitiveness. 
While  Japan  and  Europe  have  had 
many  successes,  so,  of  course,  has  the 
U.S.  And  yet  most  of  the  debate  seems 
based  on  the  view  that  the  world’s  eco¬ 
nomic  pie  is  somehow  fixed  and  that 
the  growth  of  one  country  must  mean 
the  decline  of  another. 

Thus,  when  you  see  highly  publi¬ 
cized  new  books  such  as  Three  Billion 
New  Capitalists  (also  written  by 
Prestowitz),  you  might  want  to  keep 
these  examples  in  mind.  The  U.S.  re¬ 
mains  the  clear  leader  in  semiconduc¬ 
tors,  software,  aerospace,  cyberspace, 
biotechnology,  nanotechnology,  enter¬ 
tainment,  agriculture,  defense  and 
many  other  sectors  that  will  benefit 
from  growing  Chinese,  Indian  and 
other  markets. 

And  while  future  leadership  is  cer¬ 
tainly  not  a  U.S.  entitlement  and  will 
have  to  be  earned  every  day,  the  reality 
is  that  with  its  focus  on  low-cost  man¬ 
ufacturing,  China  is  much  more  of  a 
threat  to  Japan  and  Korea  than  it  is  to 
the  U.S.  As  for  India,  its  growing  num¬ 
ber  of  skilled  IT  workers  will  prove  to 
be  an  essential  worldwide  resource, 
but  it  will  be  decades  before  India’s  do¬ 
mestic  markets  are  strong  enough  to 
place  it  at  the  leading  edge  of  IT  value 
creation.  If  history  is  any  guide,  India 
and  China  will  have  plenty  of  their 
own  problems,  and  their  success  won’t 
have  to  come  at  our  expense.  ©  55315 


MICHAEL  GARTENBERG 


The  High 
Cost  of  Not 
Training 


A  FEW  YEARS  BACK,  I 
was  on  a  plane  going 
to  a  conference  where 
I  was  to  speak  on  IT  issues. 

One  of  the  themes  of  my  presentation 
was  that  nearly  90  cents  of  every  dollar 
spent  on  software  for  end  users  was 
wasted  because  of  a  lack  of  training. 
Sitting  next  to  me  was  an  older  gen¬ 


tleman  using  what  was  then 
a  state-of-the-art  ThinkPad. 

It  clearly  oozed  “power 
user,”  and  the  huge  (for  the 
time)  14-in.  display  was 
amazing  and  grabbed  my 
attention.  In  the  course  of 
glancing  longingly  at  the 
screen,  I  noticed  that  the 
application  my  seatmate 
was  busily  typing  away  in 
was  Windows  Notepad. 

Even  more  astonishing  was 
the  fact  that  Notepad  wasn’t 
zoomed  to  fill  the  XGA 
screen,  nor  was  word-wrap 
turned  on,  so  he  was  forced 
to  scroll  in  four  directions 
instead  of  two. 

After  a  moment  or  two  of 
watching  this,  I  introduced 
myself  and  we  chatted  for  a 
bit.  It  turned  out  that  he  was 
the  CEO  of  his  company.  He  ranted 
about  what  a  waste  of  money  his  PC 
was  and  how  unhelpful  his  IT  folks 
were  (his  actual  words  were  slightly 
more  colorful).  Watching  him  work,  I 
easily  understood  his  frustration.  I 
showed  him  how  to  zoom  Notepad  and 
turn  on  word-wrap.  From  his  reaction, 
you’d  think  I  was  Prometheus  showing 
him  fire.  In  exchange  for  promising 


never  to  divulge  either  his 
or  his  firm’s  identity  (al¬ 
though  every  time  I  tell 
this  tale,  at  least  three  peo¬ 
ple  say,  “Oh,  I  see  you  met 
my  boss”),  he  let  me  poke 
around  his  laptop  a  bit.  I 
found  hundreds  of  text 
files  saved  in  his  root  direc¬ 
tory.  But  though  he  had 
every  possible  PC  produc¬ 
tivity  application  installed 
—  office  suites,  graphics 
applications,  Web  tools  — 
no  one  had  ever  bothered 
to  show  him  how  to  use 
any  of  it.  He  just  tripped 
over  Notepad  and  started 
using  it  to  get  some  work 
done.  I  thought  at  the  time, 
“Ninety  cents?  More  like  99 
cents  in  this  case.” 

I  share  this  tale  because 
things  aren’t  getting  simpler  on  PCs. 
Despite  software  that  claims  to  be  “in¬ 
tuitive”  (although  I’ve  yet  to  see  a  PC 
intuit  anything;  I  suspect  they  mean 
the  software  is  intuitable,  although  it 
isn’t  that  either),  most  folks  won’t  be¬ 
come  productive  without  training. 

I  suspect  this  situation  will  become 
even  worse  over  the  next  year,  since 
vendors  are  increasingly  targeting  end 


users  with  marketing  pitches  designed 
to  gain  mind  share  for  their  products. 
IT  departments  must  counter  this  by 
keeping  users  informed  of  their  plan¬ 
ning  process,  but  they  also  must  be 
prepared  for  an  onslaught  of  support 
and  training  challenges  as  users  clam¬ 
or  for  the  new  stuff. 

The  problem  is  that  when  budgets 
are  slashed,  training  is  often  the  first 
thing  to  go.  Remember,  there’s  no  tech¬ 
nology  investment  that  will  yield  pro¬ 
ductivity  without  some  learning.  Ig¬ 
nore  that  part  of  the  equation,  and  it 
doesn’t  matter  how  good  the  core  tech¬ 
nology  is  or  whether  the  technology 
deployment  is  being  driven  by  IT  or  by 
end  users  themselves.  Instead  of  pro¬ 
ductivity,  you  will  get  frustrated  and 
angry  users  who  will  be  loath  to  ap¬ 
prove  the  next  big  thing. 

Make  sure  you  spend  the  time  get¬ 
ting  your  executives  up  to  speed  on 
their  corporate  gear  and  the  stuff 
they  buy  themselves,  even  if  it’s  not 
IT-approved.  Who  knows?  One  of 
them  might  be  sitting  next  to  me  on 
my  next  trip.  ©  55371 

WANT  OUR  OPINION? 

©More  columnists  and  links  to  archives  of  previous 
columns  are  on  our  Web  site: 

www.computerworld.com/columns 


MICHAEL  GARTENBERG  is 

vice  president  and  re¬ 
search  director  for  the 
Personal  Technology  & 
Access  and  Custom 
Research  groups  at 
Jupiter  Research 
in  New  York.  Contact 
him  at  mgartenberg2@ 
optonline.net. 

His  weblog  and  RSS 
feed  are  at 
http://weblogs. 
jupiterresearch.  com/ 
analysts/gartenberg. 


READERS’  LETTERS 


Certifications  Are  Limited  in  Accuracy 


iREAD  BOTH  OF  Don  Tennant’s 
recent  columns  about  certifica¬ 
tions  [“Certifiably  Concerned,” 
QuickLink  54921;  “Certifiably 
Mad?”  QuickLink  55056]  but  didn’t 
see  any  mention  of  independent  vs. 
vendor  certifications.  I  agree  that 
vendor  certifications  are  a  coin’s 
depth  away  from  useless.  They  ex¬ 
pire  at  the  whim  of  the  vendor  (.Net, 
anyone?)  and  only  show  that  the 
person  has  knowledge  of  a  specific 
product. 

Certification  should  require  pass¬ 
ing  an  exam  and  possibly  some  ex¬ 
perience,  and  ongoing  education 
requirements  should  have  to  be  met 
to  maintain  the  certification.  How 
much  respect  would  you  give  a  doc¬ 
tor  who  was  board-certified  by  Pfiz¬ 
er?  Why  would  a  Cisco  certification 
demand  any  more  credibility? 
Dewey  J.  Corl 
Rochester,  N.H. 

I  WOULD  AGREE  with  Tennant  ex¬ 
cept  for  one  disturbing  thought: 
He  assumes  that  certification  really 


does  identify  superior  technical 
skills.  Meaningful  professional  li¬ 
censing  involves  far  more  than  one¬ 
time  certification;  continuing  quality 
review  is  essential.  IT  doesn’t  have 
that,  partly  because  it  would  be  dif¬ 
ficult  to  obtain  consensus  on  how 
to  do  it. 

Possibly  the  compensation  for 
noncertified  people  is  rising  faster 
than  for  certified  people  because 
many  managers  think  they  have 
found  that  certification  is  an  unreli¬ 
able  indicator  of  quality.  The  more 
important  IT  becomes,  the  more 
nontechnical  managers  will  want 
authority  over  it,  so  the  problem  of 
determining  who  is  really  good  at  IT 
will  only  get  worse.  Rather  than  in¬ 
sisting  on  certification,  we  IT  pro¬ 
fessionals  might  do  better  to  insist 
on  helping  top  management  evalu¬ 
ate  how  well  middle  managers  un¬ 
derstand  and  manage  IT. 

Douglas  A.  Samuelson 
President,  InfoLogix  Inc., 
Annandale,  Va., 
samuelsondoug@yahoo.com 


I’VE  WORKED  WITH  several  peo¬ 
ple  who  had  professional  certifi¬ 
cations  (I  have  none).  You  would 
think  that  I  would  have  been  going 
to  them  for  help,  but  it  was  the  other 
way  around.  They  were  constantly 
coming  to  me  with  questions,  or 
couldn't  finish  projects  because 
they  were  too  hard,  or  needed 
hand-holding  to  get  things  done. 
Craig  Temby 

Senior  systems  administrator, 
Allmerica  Financial  Corp., 
stemby@allmerica.com 

The  editorial  about  my  firm’s 
recent  findings  revealing 
greater  gains  for  noncertified  skills 
pay  vs.  certifications  made  some  in¬ 
teresting  points.  But  I  wonder  if  a 
just-completed  Foote  Partners 
study  of  talent  management  at 
technology  vendors  and  Tier  1 1T 
professional  services  firms  might 
make  Tennant  think  twice.  On  aver¬ 
age,  vendors  don't  use  their  own 
certifications  to  qualify  their  work¬ 
ers’  skill  sets,  preferring  more  rigor¬ 
ous  proprietary  measures.  More¬ 
over,  neither  IT  services  firms  nor 


vendors’  consulting  divisions  find 
that  broadcasting  publicly  available 
certifications  held  by  their  consul¬ 
tants  offers  much  of  a  marketing 
advantage.  This  might  come  as  a 
surprise  if  it  were  not  for  the  reality 
that  certification  programs  are  typi¬ 
cally  managed  by  the  sales  and 
marketing  divisions  at  tech  vendors. 
Bottom  line:  Caveat  emptor. 

David  Foote 

President  and  chief  research 
officer,  Foote  Partners  LLC, 
New  Canaan,  Conn., 
dfoote@footepartners.com 

COMPUTERWORLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to 
Jamie  Eckle,  letters  editor,  Com- 
puterworld,  PO  Box  9171, 1  Speen 
Street,  Framingham,  Mass.  01701. 
Fax:(508)879-4843.  E-mail: 
letters@computerworld.com. 
Include  an  address  and  phone 
number  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 


ThinkPad  recommends  Microsoft®  Windows®  XP  Professional. 


RECOVERS  YOUR  WORK  IN  MINUTES. 

RESTORES  YOUR  SANITY  IN  AN  INSTANT. 


i 


Availability  All  offers  subject  to  availability.  Lenovo  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  Lenovo  is  not  responsible  for  photographic  or  typographic  errors.  'Pricing:  Prices  do  not  include  ta*  or  shipping  or  recycling  fees  and  are  subject  to  change  without  notice.  Reseller 
prices  mas  vary  Warranty.  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.O.  Bo*  12195,  RTP,  NO  27709,  Attn:  Dept  UF2A/B203.  Lenovo  makes  no  representation  or  warranty  regarding  third  party  products  or  services.  Footnotes:  (1)  Mobile  Processors:  Power  management  reduces  processor 
'■peed  when  in  battery  mode.  (2)  Wireless:  based  on  IEEE  802.11a,  802.11b  and  802.1  Ig  respectively.  An  adapter  with  lla/b,  llb/gor  lla/b/g  can  communicate  on  either/any  of  these  listed  formats  respectively;  the  actual  connection  will  be  based  on  the  access  point  to  which  it  connects.  (3)  Included  software:  may 
differ  frGm  its  retail  version  (if  available),  and  may  not  include  user  manuals  or  all  program  functionality.  License  agreements  may  apply.  (4)  Memory:  For  PCs  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  is  up  to  64MB  less  than  the  amount  stated,  depending  on 
video  mode  (5)  Hard  drive  GB  =  billion  bytes.  Accessible  capacity  is  less;  up  to  4GB  is  service  partition.  (7)  Thinness:  may  vary  at  certain  points  on  the  system.  (8)  Travel  Weight:  includes  battery  and  optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay,  if  applicable;  weight  may  vaiy  due  to  vendor 
components  manulacturing  process  and  options.  (9)  Internet  access  required;  not  included.  (10)  Embedded  Security  Subsystem:  requires  software  download.  (11)  Limited  warranty:  Support  unrelated  to  a  warranty  issue  may  be  subject  to  additional  charges.  (12)  Systems  with  limited  onsite  service:  are  designed  to 


r 


MOBILE 

TECHNOLOGY 


RESCUE  AND  RECOVERY.  ONLY  ON  A  THINKPAD. 

Maybe  you’ve  had  a  virus  attack.  Or  a  software  installation  failure. 
Or  your  operating  system’s  been  corrupted.  Just  press  the  blue 
button  on  any  ThinkPad®  notebook  and  a  range  of  tools  comes 
to  the  rescue.  It’s  called  Rescue  and  Recovery™.  Standard  on  all 
new  ThinkPad  notebooks*  it  can  get  you  up  and  running  even 
when  your  operating  system's  down.  So  work  with  a  feeling 
of  confidence.  Instead  of  that  sinking  feeling. 


ThinkPad  R51 

DISTINCTIVE  INNOVATIONS 

Embedded  Security  Subsystem  2.010- 
Strong  security  as  a  standard  feature 

SYSTEM  FEATURES 

Intel®  Centrino™  Mobile  Technology 
Intel®  Pentium®  M  Processor  725  (1.60GHz)1 
Intel®  PRQ/Wireless  2200BG  (802.11b/g)2 

Microsoft®  Windows®  XP  Professional3 

14.1"  XGA  TFT  Display  (1024x768) 

256MB  DDR  SDRAM4,  40GB  Hard  Drive5 
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ThinkPad  Premiere  Leather 
Carrying  Case 

$99 


(P/N  10K0209) 


ThinkPad  X40 

Thinnest  and  lightest  ThinkPad  ultraportable  ever. 

DISTINCTIVE  INNOVATIONS 

Embedded  Security  Subsystem  2.0  - 
Strong  security  as  a  standard  feature 

SYSTEM  FEATURES 

Intel®  Centrino™  Mobile  Technology 
Intel®  Pentium®  M  Processor  ULV  733  (1.10GHz) 
Intel®  PRQ/Wireless  2200BG  (802.1  lb/g) 

Microsoft®  Windows®  XP  Professional 

256MB  DDR  SDRAM,  30GB  Hard  Drive 

Only  .94"  thin7  and  2.7-lb  travel  weight8 


$1499 


(P/N  2386BHU) 


ThinkPad  Women’s  Executive 
Red  Leather  Tote 


$130 


(P/N  22P8858) 


With  the  Think  Express  Program,  ThinkPad  notebooks  are  preconfigured  with  your  business,  and  your  budget,  in  mind. 


Contact  your  authorized  reseller. 

To  find  one  near  you,  or  to  buy  direct,  go  to  thinkpad.com/security/m583.  Or  call  1  866-426-0009. 

ThinkPad  is  a  product  of  Lenovo. 
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split-second  securities  trades  a  day  for  three  of  the  world's 
leading  investment  firms. 

Huge  order  volumes  are  executed  swiftly  and  securely  across  platforms  around  the  globe. 
It  all  happens  when  CA  software  automates  systems  and  processes.  To  manage  your 
customers'  transactions  with  this  kind  of  speed  and  reliability,  call  a  CA  representative 

at  1-888-423-1000  or  visit  ca.com/didyouknow. 
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Big-Time  Storage 
On  the  Cheap 

An  increase  in  functionality  and 
a  drop  in  component  prices  is 
making  midrange  storage  the  most 
attractive  option  for  users  like 
Ameritrade’s  Asiff  Hirji.  Page  28 


QUICKSTUDY 

AJAX 

Asynchronous  JavaScript  and  XML 
is  an  approach  to  developing  Web 
applications  in  which  client  Web  pages 
are  modified  incrementally  rather  than 
being  replaced  entirely  every  time  an 
update  is  needed.  Page  34 


SECURITY  MANAGER'S  JOURNAL 

IDS  Pays  Off,  Even  if 
There’s  No  Hacking 

The  intrusion-detection  system  at 
Mathias  Thurman’s  firm  shows  its 
value  once  more  as  his  security 
team  sets  out  to  mitigate  the 
effects  of  a  nasty  worm.  Page  32 
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Protective 


With  so  many 
types  of 
malware 
stalking  the 
Internet, 
companies 
pile  on  their 
e-mail 
defenses. 

By  Sue 
Hildreth 
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HEN  THE  NIMDA  WORM 
struck  in  2001,  one  of  its 
many  victims  was  the 
Virginia  Hospital  Center 
in  Arlington.  The  worm 
crashed  servers,  erased  data  and 
forced  VHC  to  hire  a  consultant. 

“It  deleted  files  and  brought  a  cou¬ 
ple  of  servers  to  their  knees,”  says  IT 
director  Mark  Rein,  who  joined  VHC 
a  year  after  Nimda  struck.  “We  had  to 
have  a  company  come  in  and  eradicate 
the  virus.” 

Fortunately,  the  virus  didn’t  attack 
patient  data.  But  it  did  provide  a  wake- 
up  call,  making  VHC  aware  that  it 
needed  better  e-mail  security.  There 
wasn’t  a  silver  bullet  that  could  stop  all 
viruses  and  —  nearly  as  bad  —  spam, 
so  VHC  opted  for  multiple  overlapping 
defenses. 

Today,  the  hospital  is  protected  by 
five  layers  of  anti¬ 
virus  and  anti¬ 
spam  defenses:  an 
e-mail  relay  and 
antivirus  product 
called  eSafe  from 
Aladdin  Knowl¬ 
edge  Systems  Ltd.; 
an  antispam  and 
antivirus  device  from  MailFrontier 
Inc.;  antivirus  software  from  Symantec 
Corp.  on  the  e-mail  servers  and  desk¬ 
tops;  and  a  Web  filter  from  Websense 
Inc.  to  monitor  HTTP  traffic  and  pre¬ 
vent  employees  from  accidentally 
downloading  viruses  from  the  Web. 
Finally,  the  hospital  uses  a  Juniper  Net¬ 
works  Inc.  intrusion-detection  and 
-prevention  product  to  alert  IT  staff  to 
anomalies  in  network  traffic  or  unau¬ 
thorized  software  on  the  system. 

Sound  excessive?  In  this  era  of  mas¬ 
sive  malware  attacks,  such  multiple 
layers  of  defense  are,  in  fact,  not  para¬ 
noid  but  prudent. 


On  an  average 

1  in  every  33 
e-mail  messages 

is  infected  with  ' 

a  virus. 
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In  a  March  report  from  Ferris  Re¬ 
search  in  San  Francisco,  antivirus  soft¬ 
ware  vendors  said  that  there  were 
nearly  100,000  viruses  in  existence 
then  and  that  the  number  is  increasing 
each  month.  F-Secure  Corp.,  a  vendor 
of  antivirus  products  in  Helsinki, 
Finland,  notes  that  the  largest  virus 
outbreak  in  2004,  MyDoom.A,  churned 
out  nearly  10%  of  global  e-mail  at 
its  peak. 

Another  problem  is  spyware  and  ad¬ 
ware,  small  programs  that  install  them¬ 
selves  on  a  PC  and  either  push  out  ad¬ 
vertising  or,  in  the  case  of  spyware,  track 
user  activities.  Such  programs  can  come 
from  the  most  innocent  of  sources. 

Last  fall,  for  example,  the  U.S.  De¬ 
partment  of  Energy’s  Carlsbad,  N.M., 
office  was  perplexed  by  a  sudden  flood 
of  pop-up  pornographic  ads  on  employ¬ 
ee  PCs.  “We  couldn’t  understand  how 
we  were  getting  all  this  traffic  from 
adult  sites,”  says  Paul  DeVito,  informa¬ 
tion  systems  site  security  manager. 

His  staff  traced  it  to  a  weather  site 
used  by  the 
DOE  that  had 
been  hacked 
and  was 
downloading 
X-rated  ad¬ 
ware  to  visi¬ 
tors’  PCs. 
Besides  cut¬ 
ting  productivity,  adware  and  spyware 
can  also  cause  computer  problems  and 
worse.  “It  can  cause  instability  in  PCs, 
operations  to  crash,  slow  performance,” 
notes  Chris  Williams,  a  senior  analyst 
at  Ferris  Research.  “And  it  can  log  your 
keystrokes  and  report  those  back  to  a 
Web  site,  so  your  network  log-in  is 
being  compromised.” 

Security  Strategies 

How  can  a  company  shore  up  its 
servers  and  desktops  against  this  rising 
tide  of  malware?  First,  say  experts,  ed¬ 
ucate  employees  on  spam  and  viruses. 
But  education  can  go  only  so  far;  tech¬ 
nology  is  also  needed.  Here  are  five 
steps  for  defending  against  malware. 

RESTRICT  USER  PRIVILEGES. 

The  fewer  the  system  privileges 
on  a  user’s  desktop,  the  fewer  op¬ 
portunities  there  are  for  viruses 
and  spyware  to  take  over,  says  Andrew 
Jaquith,  an  analyst  at  The  Yankee  Group 
in  Boston.  “The  biggest  reason  compa¬ 
nies  have  spyware  problems  is  the  user 
privileges  are  set  too  high,”  he  says. 

IT  may  also  opt  to  block  certain 
types  of  attachments,  such  as  exe¬ 
cutable  or  Zip  files,  and  prevent  access 
to  certain  Web  sites.  The  DOE’s  Carls- 


At  least  100,000 
e-mail  viruses 
exist  today,  a  i 


bad  office  now  uses  Websense  soft¬ 
ware  to  block  access  to  adware-  and 
spyware-heavy  sites,  such  as  gambling 
sites.  It  also  relies  on  an  e-mail  firewall 
from  Tumbleweed  Communications 
Corp.  with  built-in  McAfee  Inc.  anti¬ 
virus  and  spyware  filtering  tools. 

2  APPLY  PATCHES  IMMEDIATELY. 

Installing  security  patches  and 
updates  is  critical,  regardless 
of  how  much  antivirus  protec¬ 
tion  you  may  have.  JetBlue  Airways 
Corp.  in  Forest  Hills,  N.Y.,  for  example, 
has  layers  of  antivirus  and  antispam 
defenses,  but  its  IT  staffers  also  apply 
new  security  patches  promptly,  says 
Lesen  Wang,  IT  e-mail  systems  admin¬ 
istrator  at  JetBlue. 

“Even  with  an  antivirus  program,  a 
virus  can  get  through,”  he  says.  Two 
years  ago,  for  example,  JetBlue’s  desk¬ 
tops  were  infected  by  the  Blaster  virus 
because  they  hadn’t  been  patched,  but 
the  airline’s  servers,  which  had  received 
regular  updates,  remained  unaffected. 

3  SWITCH  TO  ALTERNATIVE 
E-MAIL  PACKAGES. 

While  not  guaranteed  to  be 
shielded  against  viruses,  non¬ 
standard  (that  is,  not  Microsoft)  soft¬ 
ware  is  less  likely  to  be  targeted  by 
virus  writers. 

For  example,  Brett  McKeachnie,  net¬ 
work  systems  administrator  at  Utah 
Valley  State  College,  reports  that  the 
school,  which  uses  Novell  Inc.’s 
GroupWise,  never  had  a  virus  problem 
and  didn’t  realize  it  was  receiving 
viruses  until  it  installed  isolation 
Server,  an  e-mail  security  product 
from  Avinti  Inc.  in  Lindon,  Utah. 

“Avinti  put  [isolation  Server]  into 
the  mail  stream,  and  the  next  thing  you 
know,  we’ve  got  40  to  50  viruses  hitting 
the  filter,”  says  McKeachnie.  However, 
not  everyone  at  Utah  Valley  State  uses 
GroupWise  —  some  are  on  Outlook  — 
so  the  college  remains  vulnerable  to 
virus  attacks  and,  of  course,  spam. 

4  BUILD  A  MULTILAYERED 

DEFENSE.  There  are  several  ap¬ 
proaches  to  antivirus  and  anti¬ 
spam  protection,  none  of 
which  is  100%  effective.  So  using  two 
or  more  is  a  useful  strategy,  say  experts. 

Techniques  for  blocking  spam  in¬ 
clude  maintaining  blacklists  of  spam¬ 
mers’  Internet  addresses  and  employ¬ 
ing  the  challenge/response  strategy, 
which  attempts  to  catch  spammers  by 
asking  a  suspicious  sender  to  resend  the 
message,  the  assumption  being  that  an 
automated  spam  program  won’t  reply. 
Another  option  is  Bayesian  filters, 


It’s  11  p.m.  - 

Do  You  Know  What  Your 
Computer  Is  Doing? 

Are  your  PCs  moonlighting?  If  you 
haven’t  been  safeguarding  them 
against  viruses,  they  might  be  part 
of  a  “botnet,”  or  a  network  of  ro¬ 
bots.  Virus  writers  create  botnets  by 
taking  over  hundreds  or  thousands 
of  PCs  that  are  then  used  by  spam¬ 
mers  to  spew  out  spam  mailings. 

This  is  the  result  of  a  problematic 
trend:  the  collusion  between  spam¬ 
mers  and  virus  writers,  according  to 
Ferris  Research.  Virus  writers  create 


malware  to  infect  users’  servers 


then  rented  out  to  spammers.  Be¬ 
cause  the  spam  is  coming  from  mul¬ 
tiple  addresses,  none  of  actu 
ally  belongs  to  the  spamming  organi¬ 
zation,  it’s  impossible  to  track  the 
true  origin  of  the  spam  and  punish 
the  spammer.  Instead,  unwitting  vic¬ 
tims  suddenly  find  their  organiza¬ 
tions’  e-mail  domains  blacklisted. 

Besides  putting  antivirus  protec¬ 
tion  on  PCs  and  filtering  incoming 
e-mail  attachments,  it’s  wise  to  fitter 
outgoing  e-mail,  so  you  can  tell  if 
you’ve  got  a  potential  hot  infestation 
inside  your  company. 

-Sue  Hildreth 


which  “learn”  to  recognize  spam  from 
samples  that  an  IT  administrator  or  an 
end  user  feeds  it.  The  filter  then  uses 
probability  scores  to  decide  whether 
an  e-mail  is  likely  to  be  spam. 

Signature-based  scanning  is  the  most 
common  approach  for  identifying 
viruses,  but  it  doesn’t  help  when  there’s 
a  brand-new  virus  on  the  loose.  The 
“zero  hour”  problem  —  the  time  lag 
between  the  initial  release  of  a  new 
virus  and  the  point  when  an  antivirus 
software  vendor  can  issue  a  patch  up¬ 
date  —  is  the  biggest  problem  with  sig¬ 
nature-based  products,  especially  since 
the  gap  can  be  as  long  as  eight  hours. 
Companies  relying  solely  on  pattern- 
based  antivirus  protection  are  vulnera- 
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Here  are  a  few  images  of  viruses 
that  have  infected  Internet  mail. 
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ble  to  new  viruses  during  that  time. 

One  technique  that  attempts  to  close 
this  gap  is  blocking  technology  that 
shuts  down  access  to  certain  systems  if 
it  detects  any  initial  virus  activity.  For 
example,  JetBlue  used  Trend  Micro 
Inc.’s  signature-based  ServerProtect, 
but  it  opted  to  add  IronPort  Systems 
Inc.’s  C-Series  antivirus  and  antispam 
device,  which  includes  a  blocking  tech¬ 
nology  called  Virus  Outbreak  Filter. 
The  filter  quarantines  suspect  e-mail  if 
it  detects  a  new  virus  outbreak  based 
on  data  from  IronPort’s  SenderBase 
e-mail  monitoring  network. 

Yet  another  approach  to  blocking 
viruses  is  heuristics  scanning,  which 
detects  viruses  by  analyzing  a  file’s 
structure,  behavior  and  other  attribut¬ 
es  instead  of  looking  for  a  pattern 
match  in  the  code. 

The  bottom  line,  say  experts,  is  that 
two  or  more  defensive  technologies  — 
whether  in  different  products  or  com¬ 
bined  in  one  —  are  better  than  one. 

Just  as  using  two  types  of  antivirus 
or  antispam  software  can  increase 
your  odds  of  catching  malware,  so,  too, 
can  locating  defensive  products  at  dif¬ 
ferent  points  on  your  network.  Fire¬ 
walls,  SMTP  gateways,  HTTP  gate¬ 
ways,  e-mail  and  file  servers,  and  desk¬ 
tops  are  all  good  places  to  defend. 

Monrovia  Nursery  Co.,  a  national 
plant  and  flower  wholesaler  in  Azusa, 
Calif.,  recently  added  its  fourth  layer  of 
security:  an  antispam  and  antivirus 
gateway  from  MailFrontier  in  Palo 
Alto,  Calif.  The  new  gateway  comple¬ 
ments  an  existing  firewall  —  which 
blocks  attachments  such  as  Visual 
Basic  scripts  —  and  antivirus  software 
from  Symantec  on  its  e-mail  servers 
and  desktops.  “It’s  another  layer  of 
protection,”  says  Ray  Martin,  Mon- 
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rovia’s  IS  technical  manager.  “Redun¬ 
dancy  and  variety  are  good  when  it 
comes  to  e-mail  security.” 

The  main  point  of  a  multilayered  de¬ 
fense,  says  Richi  Jennings,  a  Ferris  Re¬ 
search  analyst,  is  to  cover  all  of  the  po¬ 
tential  points  where  a  virus  could  en¬ 
ter.  Too  often,  he  says,  companies  think 
they’re  immune  to  viruses,  when  in 
fact  they’ve  failed  to  cover  a  key  point 
of  entry. 

“You  may  feel  you  have  a  clean  ar¬ 
chitecture,  with  virus  scanning  on  the 
perimeter  of  the  network,”  Jennings 
says.  “But  if  you’ve  forgotten  a  vector 

—  such  as  a  laptop  that  has  a  virus  and 
gets  plugged  into  the  company  network 

—  then  suddenly  you’ve  got  a  bunch  of 
infected  machines  because  you  didn’t 
put  antivirus  on  the  desktops.” 

USE  AN  OUTSIDE  SERVICE. 

If  you  want  a  multitiered 
defense  without  having  to 
purchase  individual  products 
and  implement  them,  an  outside  anti¬ 


virus  and  antispam  service  may  be  the 
answer.  Companies  such  as  Message- 
Labs  Ltd.  and  Postini  Inc.  will  intercept 
and  clean  your  e-mail  of  viruses  and 
spam  before  sending  it  to  your  e-mail 
server,  thus  sparing  you  the  software 
and  hardware  expense  of  scanning  and 
processing  your  own  e-mail. 

Internet  service  providers 
may  offer  antivirus  and  anti¬ 
spam  filtering  services  to 
corporate  clients.  For  exam¬ 
ple,  virus  and  spam  filtering 
at  Bata  Canada,  a  unit  of 
shoe  manufacturer  and  re¬ 
tailer  Bata  International, 
is  handled  by  Bata’s  service 
provider,  Pathway  Commu¬ 
nications  in  Markham, 

Ontario. 

One  major  advantage,  according  to 
Eli  Gabbay,  manager  of  IT  technical 
support  at  Bata,  is  the  ability  to  offload 
some  of  the  administrative  chores  to 
Pathway.  “I  found  [antispam  and  anti¬ 
virus  software]  to  be  very  complicated. 


. . .  There’s  a  lot  of  work  for  me  to  do  to 
maintain  it,”  he  explains.  “Now  the 
only  thing  I  need  to  do  is  put  any  spam 
that  gets  through  into  a  folder,  and 
Pathway  adds  it  to  its  database.” 

Typically,  antivirus  services  use  sig¬ 
nature-based  scanning  in  combination 
with  other  approaches  to  optimize 

their  success  rates.  And  they 
clean  up  the  e-mail  before  it 
ever  reaches  their  customers’ 
servers.  Some  users  are  also 
turning  to  antivirus  and  anti¬ 
spam  service  providers  to 
clean  up  their  e-mail  before 
it  even  hits  their  firewalls. 

Euro  RSCG  Worldwide,  a 
New  York-based  internation¬ 
al  advertising  and  marketing 
firm  with  233  agencies, 
turned  to  New  York-based  Message- 
Labs  for  help  in  dealing  with  a  rising 
flood  of  spam  that  threatened  to  over¬ 
load  its  e-mail  servers. 

“We  had  more  spam  coming  in  than 
legitimate  e-mail,”  says  CIO  John  Tan¬ 


ner.  “It  got  to  the  point,  last  August, 
where  we  were  going  to  have  to  in¬ 
crease  our  hardware  by  33%.” 

Euro  RSCG  tried  blocking  spam 
at  the  firewall  with  blacklists,  but 
that  approach  resulted  sometimes  in 
blocked  mail  from  prospective  clients 
whose  addresses  or  e-mail  servers  had 
been  hijacked  by  spammers.  So  the  ad 
agency  tried  the  MessageLabs  service, 
which  culls  spam  and  viruses  before 
sending  the  clean  mail  on. 

Of  course,  the  company  still  uses 
antivirus  software  on  its  servers  and 
desktops  to  be  safe.  But  so  far,  spam 
has  ceased  to  be  a  problem.  “I  don’t 
have  to  manage  any  hardware  or 
software.  I  don’t  have  to  worry  about 
upgrading  hardware  because  spam 
has  increased,”  says  Tanner.  “Spam 
has  disappeared  from  the  planet 
for  us.”  ©  55264 


Hildreth  is  a  freelance  writer  in 
Waltham,  Mass.  She  can  be  reached 
at  Sue.Hildreth@comcast.net. 
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INCREASED  FUNCTIONALITY 
AND  LOWER  COMPONENT  PRICES  ARE 
MAKING  MIDRANGE  STORAGE  AN 
ATTRACTIVE  OPTION  FOR  MANY  COMPANIES. 

BY  LUCAS  MEARIAN 
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Late  last  year,  Ameritrade 
Holding  Corp.’s  IT  depart¬ 
ment  began  ripping  out  its 
high-end  monolithic  stor¬ 
age  systems  and  replacing 
them  with  less-expensive  and  more- 
modular  midrange  storage  arrays. 

Asiff  Hirji,  CIO  at  the  Omaha-based 
online  brokerage,  prides  himself  on 
having  the  most  cost-efficient  platform 
possible  and  says,  “The  performance  in 
the  midtier  storage  systems  has  come 
to  the  point  where,  for  our 
needs,  they  do  what  we 
need  them  to  do.  We  don’t 
need  to  spend  the  addi¬ 
tional  money  on  the  high- 
end  systems.  That’s  made  a 
big  difference  on  our  cost 
per  gigabyte.” 

The  saturation  of  the  en¬ 
terprise  marketplace  with 
Fibre  Channel  storage-area 
network  technology  has 
forced  vendors  to  look  to 
midsize  companies  to  fill 
their  SAN  orders.  But  in  order  to  sell 
to  that  market,  vendors  have  been 
forced  to  offer  the  same  functionality 
that  had  been  exclusive  to  high-end 
systems,  industry  experts  say. 

High-end  or  monolithic  arrays  are 
housed  in  refrigerator-size  cabinets  and 
come  with  all  the  processing  capacity 
they’ll  ever  have  as  well  as  a  full  set  of 
feature  functionality.  High-end  boxes 
can  cost  more  than  $1  million.  In  com¬ 
parison,  midrange  or  modular  storage 
arrays  range  from  $50,000  to  about 
$300,000.  Midrange  arrays  are  housed 
in  a  rack  and  can  start  out  as  a  low-end 
product  and  grow  through  the  addition 
of  controllers  (processors)  and  func¬ 
tionality  as  business  needs  grow. 

For  example,  Hewlett-Packard  Co. 
announced  in  March  that  for  the  first 
time  its  SAN-to-SAN  fail-over  capabili¬ 
ty  can  be  added  to  its  midrange  Enter¬ 
prise  Virtual  Array  (EVA)  products. 
Other  high-end  functionality,  such  as 
data  snapshots,  data  mirroring  and 
data  migration,  is  now  commonly 
found  in  midrange  arrays  from  most 
major  vendors. 

“The  pressure  is  on  the  high-end 
[systems  vendors].  Users  know  the  lev¬ 
el  of  sophistication  has  moved  down¬ 
stream,  and  it  gives  them  another  op¬ 


STORAGE 
SALES  2004 

High-end  storage 
sales  revenue: 

S5.023B 

Units  sold:  10,543 

Midrange  storage 
sales  revenue: 

S6.851B 

Units  sold:  168,015 

SOURCE:  GARTNER  INC. 


tion  for  storage,”  says  Tony  Prigmore, 
an  analyst  at  Enterprise  Strategy 
Group  Inc.  in  Milford,  Mass. 

The  trend  downward  is  also  revealed 
in  vendor  sales.  EMC  Corp.  reported  in 
its  first-quarter  earnings  this  year  that 
its  midrange  Clariion  line  of  storage 
arrays  and  related  software  saw  more 
than  a  40%  revenue  growth  for  the 
fourth  quarter  in  a  row.  Meanwhile,  its 
high-end  Symmetrix  array  line  went 
from  5%  revenue  growth  four  quarters 
ago  to  a  3%  drop  in  rev¬ 
enue  in  the  first  quarter  of 
this  year. 

Mike  Sink,  director  of 
network  and  operational 
infrastructure  at  the  Kich- 
ler  Lighting  Group  in 
Cleveland,  a  wholesale 
lighting  and  fixture  compa¬ 
ny  that  has  customers  in 
140  countries,  replaced  a 
high-end  EMC  Symmetrix 
array  a  year  ago  with  a 
midrange  EMC  Clariion 
CX600  array  with  12TB  capacity  in  or¬ 
der  to  back  up  30  Unix  and  30  Win¬ 
dows  servers. 

“The  Clariion  line  has  a  lot  of  the 
same  functionality  that  the  Symmetrix 
has.  The  core  functionality  like  repli¬ 
cation,  cloning  of  disk,  snap  copies, 
SAN  mirroring. . . .  Those  tools  have 

Continued  on  page  30 
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IronPort  Virus  Outbreak  Filters  detect  and 
stop  viruses  before  any  other  technology. 


VIRUS  NAME 


Multiple  “Bagle”  Variants 
“Mydoom.BB” 

“Sober J" 

“Wurmark-D” 


IRONPORT’S  EARLY  DETECTION  ADVANTAGE 
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Today’s  email  borne  viruses  propagate  globally 
in  hours  or  minutes,  much  faster  than  traditional 
defenses  can  react,  leaving  you  exposed  to  the 
“reaction  time  gap’’  IronPort  Virus  Outbreak 
Filters  stop  viruses  up  to  42  hours  before  tradition¬ 
al  virus  definition  files  are  available,  literally 
predicting  virus  attacks  before  they  cause  harm. 
This  astounding  solution  is  powered  by  a  series  of 
proprietary  algorithms  that  process  data  from 
IronPort’s  SenderBase^  the  world’s  first  and  largest 
email  traffic  monitoring  network.  Available  now 
at  www.ironport.com/leader 


“Virus  Outbreak 
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virus  outbreaks.” 
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been  offered  at  the  midrange  level, 

which  is  an  advantage  to  us,”  Sink  says. 

Adding  to  the  appeal  of  midrange 
systems  is  the  plummeting  price  of  Fi¬ 
bre  Channel  components,  such  as  Ad¬ 
vanced  Technology  Attachment  (ATA) 
disks,  host  bus  adapters  (HBA)  and 
network  switches,  as  well  as  vendor 
package  deals  that  have  placed  high- 
functionality  SANs  well  within  the 
reach  of  midsize  businesses. 

Josh  Howard,  an  enterprise  storage 
specialist  at  CDW  Corp.,  a  $5.7  billion 
technology  reseller  in  Vernon  Hills, 

Ill.,  says  HBAs  are  less  than  half  the 
price  that  they  were  two  years  ago  and 
storage  switches  have  also  dropped  to 
about  half  their  former  price.  Those 
prices  are  wooing  companies  into  buy¬ 
ing  midrange  SANs,  which  tend  to  be 
designed  for  companies  with  about 
1,000  employees  or  more. 

Howard  says  much  of  the  pressure  to 
reduce  prices  is  coming  from  competi¬ 
tion  from  IP-based  storage,  such  as  In¬ 
ternet  SCSI. 

“A  lot  of  iSCSI  vendors  are  bundling 
in  host-based  replication,  and  it’s  at  a 
much  lower  cost  when  you  use  iSCSI 
versus  Fibre  Channel,”  Howard  says. 

But  performance  continues  to  be  an 
issue  with  iSCSI  adoption.  IP-based 
storage  currently  poses  no  real  chal¬ 
lenge  to  Fibre  Channel  because  Fibre 
Channel  is  still  four  times  as  fast  as 
iSCSI,  says  Bob  Passmore,  an  analyst  at 
Gartner  Inc.  Fibre  Channel  is  also  far 
more  reliable  because  it  was  built  for 
storage  subnetworks  and  not  LANs 
like  SCSI,  he  adds. 

But  as  iSCSI  continues  to  creep  up 
the  data  center  food  chain  and  the 
price  of  lOGbit/sec.  Ethernet  drops, 
there  will  be  increased  pressure  on 
Fibre  Channel  storage  vendors  to  cut 
costs.  And  eventually,  iSCSI  could  re¬ 
place  Fibre  Channel  as  the  most  popu¬ 
lar  storage  subsystem  interconnect. 

Dan  Harrison,  a  Unix  systems  ad¬ 
ministrator  at  the  New  York  State  Uni¬ 
fied  Court  System  in  Troy,  N.Y.,  last 
year  replaced  a  high-end  EMC  Sym- 
metrix  array  with  several  midrange 
boxes  from  Network  Appliance  Inc. 
because  doing  so  gave  him  the  choice 
of  using  network-attached  storage,  a 
Fibre  Channel  SAN  or  iSCSI. 

Harrison  purchased  a  cluster  of  Net- 
App  FAS960  arrays,  a  FAS250  and  FAS- 
270  and  a  R200  NearStore  array.  He 
says  he  was  won  over  to  the  midrange 
boxes  in  part  because  they  came  with 
software  for  taking  snapshots  of  data 
for  backups  and  can  mirror  data 
changes  between  arrays  —  features 
that  had  formerly  been  available  only 


on  high-end  systems  like  Symmetrix. 

“Our  current  storage  environment  is 
easier  to  administer.  With  respect  to 
hardware,  I  can  say  our  administration 
is  simplified  and  our  productivity  is  up 
as  a  function  of  that,”  Harrison  says. 

He  also  uses  the  iSCSI  connectivity  on 
the  FAS960  to  consolidate  backup  of 
the  court  system’s  Linux,  Unix  and 
Wintel  servers. 

One  advantage  of  midrange  arrays  is 
that  they  allow  companies  to  use  rela¬ 
tively  low-cost  ATA  disks  to  build  a 
tiered  infrastructure  internal  to  the 
box  by  using  a  combination  of  ATA 
memory  and  Fibre  Channel  or  SCSI 
disks.  Higher-end  boxes  have  yet  to 
offer  that  feature. 

Hitachi  Data  Systems  Corp.’s  Thun¬ 
der  line  of  arrays,  HP’s  EVAs,  NetApp’s 
FAS  arrays  and  IBM’s  DS4000  and 
DS8000  series  arrays  all  have  the 
option  to  use  ATA  disk  technology. 

LEARNING  CURVE 

One  of  the  arguments  against  rolling 
out  Fibre  Channel  is  the  complexity  of 
the  network.  Most  companies  must  hire 
Fibre  Channel  network  administrators 
to  configure  and  maintain  the  systems. 

Nowadays,  however,  many  vendors 
are  offering  preconfigured  SANs  that 
are  fairly  easy  to  deploy.  But  preconfig¬ 
ured  doesn’t  mean  cheap,  analysts  say. 

Joel  Reich,  senior  director  of  prod¬ 
uct  marketing  at  NetApp,  said  bundled 
SANs  are  being  sold  more  for  ease  of 
configuration  than  for  cost-cutting. 
“We’re  not  in  the  camp  of  trying  to 
find  out  ways  to  knock  pennies  out  of 
the  cost  of  Fibre  Channel.  Fibre  Chan¬ 
nel  will  never  get  to  the  cost  of  Ether¬ 
net,”  he  says. 

Sink  says  Kichler  Lighting’s  Clariion 
came  preconfigured  with  16-port 
switches  from  Brocade  Communica¬ 
tions  Systems  Inc.  in  San  Jose  and  HBAs 
from  Emulex  Corp.  in  Costa  Mesa, 
Calif.  While  there  was  a  learning  curve 
for  his  systems  administrators,  it  was 
relatively  small  because  the  software 
tools  are  “very  intuitive,”  says  Sink. 

“We  didn’t  have  to  hire  a  Fibre  Chan¬ 
nel  expert.  It  didn’t  even  require  a  net¬ 
work  administrator.  The  Unix  admin 
was  able  to  connect  everything  and 
provision  the  storage,”  says  Sink,  who 
has  a  staff  of  25  IT  personnel  to  manage 
storage  for  Kichler’s  600  employees. 

The  Clariion  CX600  was  under 
$100,000,  and  with  network  hardware 
and  management  and  replication  soft¬ 
ware,  the  SAN  cost  about  $300,000  for 
the  original  4.5TB  capacity. 

“You  can  buy  a  $50,000  SAN  with 
4.5TB  of  ATA  disk  or  a  million-dollar 
system  with  4.5TB  of  Fibre  Channel 


Bargain 

SANs 


Bundled  SANs  available  from 
vendors  for  under  $100,000: 

■  EMC  Clariion  CX300  with  Navi- 
sphere  Manager,  4TB  storage,  an  eight- 
port  Fibre  Channel  switch  and  eight 
HBAs:  $87,000 

■  EMC  Clariion  CX500  with  Navi- 
sphere  Manager,  2TB  storage,  eight- 
port  switch  and  four  HBAs:  $82,000 

■  HP  EVA  3000  array  with  1.2TB  ca¬ 
pacity,  multipathing  and  management 
software:  about  $32,000 

■  NetApp  FAS270C  with  iSCSI,  FCP 
and  CIFS  protocols,  6.3TB  Fibre  Chan¬ 
nel  drives,  SnapManager  for  SQL  Serv¬ 
er  or  Exchange,  SnapRestore,  two 
eight-port  Fibre  Channel  switches,  2x 
Windows  Fibre  Channel  dual-attach¬ 
ment  kits,  and  a  standard  hardware  and 
service  warranty:  under  $100,000 

■  NetApp  FAS270C  with  iSCSI  and 
FCP  protocols,  6.3TB  Fibre  Channel 
drives,  SnapManager  for  SQL  Server, 
SnapManager  for  Exchange,  Snap- 
Restore,  two  eight-port  Fibre  Channel 
switches  and  2x  Windows  Fibre  Channel 
dual-attachment  kits:  under  $100,000 

■  IBM  DS400  with  6TB,  two  HBAs, 

L10  storage  switch  and  four  IBM 
Shortwave  SFP  transceivers:  $44,077 

■  IBM  DS4300  with  2TB,  six  HBAs. 
Windows/Linux  host  OS  attachment, 
Storage  Manager  and  fail-over  software, 
and  two  eight-port  switches:  $77,741 

■  IBM  DS4100  array  with  8TB  Serial 
ATA  drives,  six  HBAs,  Windows/Linux 
host  OS  attachment.  Storage  Manager 
and  fail-over  software,  and  two  eight- 
port  switches:  $68,867 

SOURCES:  EMC.  NETAPP.  IBM.  HP 

Additional  hardware  costs 

■  Host  bus  adapters: 

$700  to  $1,200 

■  Fibre  Channel  switches: 

$3,500  to  $9,000  for  entry- 
level  models  with  eight  to  16 
ports.  Models  with  32  ports  run 
from  $16,000  to  $22,000 

SOURCE:  CDW  CORP. 
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disk.  It  just  depends  on  the  compo¬ 
nents  you  put  in  there,”  Sink  says.  He 
adds  that  it’s  also  important  to  project 
your  data  volume  growth  for  about  36 
months  and  make  sure  your  equipment 
will  meet  your  needs. 

WAIT  A  MINUTE 

Passmore  acknowledges  that  midrange 
storage  systems  are  a  great  buy.  “They 
are  cheaper  on  a  dollar-per-gigabyte 
basis,”  he  says.  But,  he  warns,  there  are 
a  lot  of  misconceptions  about  the  true 
affordability  of  midrange  storage  sys¬ 
tems,  particularly  when  it  comes  to 
their  ability  to  fulfill  large  enterprise 
needs. 

“Midrange  arrays  are  smaller  and 
have  less  inherent  horsepower  than 
high-end  arrays,”  Passmore  says.  “If 
you’re  building  a  large,  complex  envi¬ 
ronment,  you’d  need  more  of  those 
smaller  arrays,  which  means  you’ll 
have  more  to  manage.  You  don’t  build 
volumes  across  arrays,  you  build  them 
across  a  single  array.” 

And  unlike  midrange  arrays,  high- 
end  arrays  such  as  EMC’s  Symmetrix, 
Hitachi’s  Lightning  and  IBM’s  Shark 
come  with  multiprotocol  connectivity 
for  Ficon  and  Escon  mainframe  con¬ 
nectivity  as  well  as  iSCSI.  Midrange 
arrays  are  usually  dedicated  to  one 
protocol  only.  The  only  exception  to 
that  rule  in  the  midrange  market  is  Ne¬ 
tApp,  which  offers  high-end  Ficon,  Es¬ 
con  and  iSCSI  connectivity  on  its  FAS 
line  of  arrays,  Passmore  says. 

Another  area  in  which  high-end 
arrays  beat  out  midrange  arrays  is  in 
asynchronous  or  synchronous  long¬ 
distance  replication  of  data,  which  re¬ 
quires  consistency  checks,  or  the  abili¬ 
ty  to  ensure  that  data  sent  across  long 
distances  is  consistent  with  the  origi¬ 
nal  data. 

In  the  past  18  to  24  months,  vendors 
have  pioneered  significant  advance¬ 
ments  in  long-distance  replication  in 
their  high-end  arrays.  It’s  now  possible 
for  high-end  arrays  to  maintain  consis¬ 
tency  across  large  applications  running 
SAP  or  Oracle  on  20  or  more  servers, 
says  Passmore. 

To  maintain  an  application’s  perfor¬ 
mance  over  long  distances,  the  appli¬ 
cation  must  go  ahead  of  the  remote 
copy  of  data,  and  that  requires  a  sub¬ 
stantial  buffer  or  cache.  “Midrange  ar¬ 
rays  can’t  do  this,”  he  says. 

The  bottom  line,  Passmore  says,  is 
that  for  many  users  that  need  shared 
storage,  either  midrange  or  high-end 
arrays  fit  the  bill.  But  for  very  high 
scalability  and  performance,  midrange 
systems  continue  to  lag  behind  their 
bigger  brothers.  ©  55256 
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Scott  hates  us. 


And  our  customers  couldn’t  be  happier.  Scott’s  a  hacker  and  it’s  our  job  to  make 
his  job  impossible.  We’re  Sophos,  a  global  leader  in  network  security  for  business. 


Over  103,000  viruses  want  inside  your  network.  The  number  is  growing— and  so 
is  the  severity  of  attacks.  Sophos  knows  how  to  stop  them.  Our  proven  solutions 
defend  against  viruses,  spam,  worms,  Trojans  and  malicious  spyware.  Join  the  35 
million  users  in  150  countries  who  depend  on  our  technology,  expertise  and  acclaimed 
customer  support. 

FREE  expert  resources  and  the  chance  to  WIN  a  Dell™  Pocket  DJ  at 
stopthethreat.com.  Learn  how  a  proven  multi-tier  network  security  solution 
addresses  your  network’s  protection,  performance,  productivity  and  policy 
enforcement  challenges.  Download  free  white  papers,  analyst  reports  and  case  stud¬ 
ies  from  independent  expert  sources  at  stopthethreat.com.  While  you’re  there,  enter 
for  your  chance  to  win  one  of  two  Dell  Pocket  DJs  ($199  value  each). 

SOPHOS 

anti-virus,  anti-spam  and 
email  policy  for  business 


Free  downloads  and  the  chance  to  win  at  stopthethreat.com  ENTER  PIN:  ev4lyb 
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IDS  Pays  Off,  Even  if 
There’s  No  Hacking 


System  shows  its  value  again  as  the  security 
team  sets  out  to  mitigate  the  effects  of  a 
nasty  worm.  By  Mathias  Thurman 


WHEN  I  CAME  INTO 
work  after  the 
weekend,  a  very 
interesting  e-mail 
message  was  waiting  for  me. 
The  message,  with  the  subject 
line  “Account  Alert,”  appeared 
to  be  from  our  help  desk.  It  re¬ 
quested  that  I  read  an  attached 
document  pertaining  to  my 
user  account. 

The  attachment  was  named 
“account-info.exe.” 

This  was  very  alarm¬ 
ing.  We  have  invested 
heavily  in  various 
technologies  to  pre¬ 
vent  e-mail  with  exe¬ 
cutable  file  attach¬ 
ments  from  making  it 
through  our  external  mail 
gateways,  but  it  looked  like 
one  had  gotten  through.  My 
fears  were  validated  when  oth¬ 
ers  in  the  IT  department  said 
that  they  had  received  the 
same  e-mail.  Of  course,  a  good 
percentage  of  the  folks  in  the 
IT  department  know  that 
executable  file  attachments 
should  never  be  opened,  since 
they  are  often  used  as  vehicles 
for  distributing  malicious 
code.  Unfortunately,  there  is 
apparently  a  substantial  num¬ 
ber  of  employees  in  our  com¬ 
pany  who  either  didn’t  know 
this  or  were  fooled  into  believ¬ 
ing  that  the  e-mail  originated 
from  a  trusted  source. 

The  timing  of  this  message 
couldn’t  have  been  worse.  As 
part  of  the  process  of  synchro¬ 
nizing  our  user  accounts,  we 
have  been  sending  out  official 
communications  to  our  users 
regarding  the  upcoming  reset¬ 
ting  of  passwords.  So  users 
have  grown  accustomed  lately 
to  seeing  important  e-mail 
from  the  IT  department.  This 
e-mail  didn’t  follow  the  offi¬ 


cial  company  communications 
format,  but  a  lot  of  users  did¬ 
n’t  pay  much  attention  to  that. 
The  result:  Lots  of  users 
opened  the  attachment,  and 
their  machines  got  infected. 

After  we  analyzed  the  at¬ 
tachment,  we  realized  that  our 
network  was  infected  with  the 
W32.Mytob.DP@mm  worm. 
This  worm  is  nasty.  It  does  a 
lot  of  the  usual  stuff,  such  as 

adding  entries  to  the 
host  file,  registry 
keys,  services  and  so 
on.  But  it  also  in¬ 
cludes  its  own  mail 
relay,  which  allows 
it  to  find  e-mail  ad¬ 
dresses,  distribution 
lists  and  address  books  locat¬ 
ed  in  popular  e-mail  programs 
and  send  e-mail,  including 
that  executable  attachment,  to 
everyone  it  can  find.  In  this 
way,  it  replicates  itself.  But 
W32.Mytob.DP@mm  also  at¬ 
tempts  to  open  an  Internet  Re¬ 
lay  Chat  session  within  a  cer¬ 
tain  chat  room.  If  the  worm  is 
successful  in  connecting  to 
the  chat  room,  it  sits  idle, 
waiting  for  a  command  from 
the  IRC  server.  This  command 
can  cause  the  infected  system 
to  download  files  or  conduct 
other  malicious  activity. 

I’ve  seen  such  worms  install 
keystroke-capturing  programs 
and  periodically  send  the  key- 


I  couldn’t  remember 
the  last  time  our 
IDS  was  used  to 
catch  a  hacker. 


stroke  information  to  the  IRC 
server.  That  sort  of  activity 
wasn’t  observed  in  this  case, 
but  its  potential  to  damage 
the  company  was  still  high. 

The  problem  with  worms 
like  this  is  that  traditional 
virus-protection  software 
rarely  detects  them.  We  usual¬ 
ly  don’t  find  out  about  worms 
or  Trojan  horses  until  we  get  a 
call  from  our  network  engi¬ 
neers  complaining  about  ex¬ 
cessive  bandwidth  or  latency 
problems,  or  when  the  help 
desk  informs  us  that  it’s  get¬ 
ting  bombarded  by  calls  from 
employees  whose  desktops 
aren’t  working  properly. 

To  deal  with  this  latest 
worm,  our  intrusion-detection 
system  guru  simply  looked  for 
outbound,  external  connec¬ 
tions  to  Port  4512,  which  is  the 
rogue  IRC  port  that  we  deter¬ 
mined  was  waiting  for  infect¬ 
ed  machines  to  “call  home.” 
When  we  identified  traffic 
connecting  to  that  port,  we 
could  then  trace  the  IP  ad¬ 
dress  back  to  a  switch  port.  If 
the  IP  address  was  that  of  a 
desktop,  all  we  had  to  do  was 
disable  the  switch  port  until  a 
help  desk  technician  could  be 
dispatched  to  remove  the 
worm.  The  help  desk  put  to¬ 
gether  a  script  that  goes 
through  an  infected  desktop 
and  removes  all  the  actions 
that  the  worm  has  initiated. 

After  this  incident  was 
somewhat  resolved,  I  had  an 
interesting  conversation  with 
a  couple  of  my  security  engi¬ 
neers.  We  talked  about  the 
current  use  of  the  IDS.  Several 
years  ago,  we  deployed  the 
IDS  to  watch  for  signs  that  a 
hacker  was  attempting  to 
compromise  our  network. 
Among  other  things,  we 
looked  for  various  types  of 
buffer  overflow  exploits,  port 
scans,  denial-of-service  at¬ 
tacks  and  other  attempts  to 
take  advantage  of  a  publicly 
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advertised  weakness  in  some 
application. 

But  I  noted  that  in  the  past 
several  years,  our  IDS  has 
been  used  more  for  detecting 
policy  violations  (such  as 
the  use  of  peer-to-peer  file 
downloading  and  chat  rooms) 
and  tracing  malicious  code 
(worms,  Trojan  horses  and 
viruses).  I  couldn’t  remember 
the  last  time  our  IDS  was  used 
to  catch  a  hacker  targeting  our 
company  via  a  buffer  overflow 
or  other  sophisticated  attack. 
We  still  configure  our  IDS 
rule  base  to  look  for  those 
types  of  signatures,  but  we 
really  haven’t  seen  anything 
substantial. 

Most  of  the  time,  the  worst 
thing  that  happens  is  that  our 
external  network  is  constantly 
being  probed  by  hundreds  of 
suspect  IP  addresses  every 
hour.  We  used  to  try  to  con¬ 
tact  service  providers  to  let 
them  know  that  someone 
within  their  ne  twork  was 
probing  us,  but  we  never  got 
any  type  of  disposition,  so  we 
limit  the  complaints  to  only 
the  top  offenders. 

Our  IDS  infrastructure  cur¬ 
rently  monitors  about  98%  of 
our  network.  We  are  constant¬ 
ly  getting  calls  from  the  net¬ 
work  team,  help  desk  staffers 
and  desktop  support  people  to 
assist  them  with  monitoring 
and  analyzing  network  traffic 
and  to  help  them  discover 
malicious  activity  on  the  net¬ 
work.  The  IDS  might  be  our 
most  valuable  and  prized 
piece  of  infrastructure,  and  it’s 
probably  saved  the  company 
hundreds  of  thousands  of  dol¬ 
lars  in  support  calls  and  un¬ 
needed  resources. 

The  next  step  is  to  get  a  ro¬ 
bust  event  management  infra¬ 
structure  and  automate  much 
of  what  we  do,  so  that  we  can 
offload  a  lot  of  this  activity 
to  the  newly  created  security 
operations  team.  I 

WHAT  DO  YOU  THINK? 

This  week’s  journal  is  written  by  a  real  secu¬ 
rity  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager’s  Journals,  go  online  to 

o  computerworld.com/seciournal 
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Security  Bookshelf 

■  Layer  2  VPN  Architectures, 
by  Wei  Luo,  Carlos  Pignataro, 
Anthony  YH  Chan  and  Dmitry 
Bokotey  (Cisco  Press,  2005). 

This  is  a  timely 
release  for  us, 
since  we’re  con¬ 
verting  our  net¬ 
work  to  Multi- 
protocol  Label 
Switching.  Al¬ 
though  primarily 
focused  on  Cisco 
technology,  the 
book  is  an  easy- 
to-read  reference  on  Layer  2 
VPNs.  It  provides  case  studies, 
as  well  as  shots  of  configura¬ 
tion  screens  and  captures.  I 
actually  enjoyed  the  first  five 
chapters,  which  provide  well- 
written  explanations  of  com¬ 
mon  standards,  protocols  and 
architectures.  After  you  thumb 
through  the  MPLS  chapters, 
you  are  guaranteed  to  under¬ 
stand  this  technology,  from 
concept  to  real-world  applica¬ 
tion.  A  great  reference  book 
for  any  network  security  pro. 

-Mathias  Thurman 


IBM  Pushes  Use  of 
Digital  Certificates 

IBM  will  try  to  encourage 
banks  to  make  more  use  of 
digital  certificates  through  a 
partnership  with  trusted  iden¬ 
tity  company  Identrus  LLC. 
Identrus  has  certified  Version 
1.5  and  higher  of  IBM’s  VOS 
mainframe  operating  system. 
Asaresult,  users  of  the  soft¬ 
ware  can  act  as  their  own 
digital  certificate  authorities, 
eliminating  potentially  costly 
middleman  certifiers,  said 
June  Felix,  general  manager 
of  IBM  Global  Banking. 

Raw  in  Acrobat 

Adobe  Systems  Inc.  has 
warned  of  a  serious  flaw  af¬ 
fecting  Acrobat  Reader  5.x 
for  Unix  and  Linux.  The  flaw 
leaves  users  open  to  attack 
via  maliciously  crafted  PDF 
files,  which  can  be  spread  via 
e-mail  attachments  and  Web 
page  links  and  used  to  take 
control  of  a  system. 


ALERT,  VIGILANT, 


AND  WELL-GUARDED 


MICROSOFT.COM/SECURITY/IT 

Microsoft 


Find  the  tools  and  guidance  you  need  for  a  well-guarded  network 
at  microsoft.com/security/IT 


Microsoft  Windows  KP  Service  Pack  2:  Download  it  for 
free  and  get  stronger  system  con  rol  and  proactive  protection 
against  security  threats. 

Free  T  ols  &  Updates:  Download  free  software  like  Microsoft 
Baseline  Security  Analyzer  to  verify  that  your  systems  are 
configured  to  maximize  security.  Manage  software  updates 
easily  with  Windows  Server  Update  Services. 


►  Microsoft  Risk  Assessment  Tool:  Complete  this  free,  Web-based 
self-assessment  to  help  you  evaluate  your  organization's  security 
practices  and  identify  areas  for  improvement. 

►  Internet  Security  and  Acceleration  Server  2004:  Download 
the  free  120-day  trial  version  to  evaluate  how  the  advanced 
application-layer  firewall,  VPN,  and  Web  cache  solution  can 
improve  network  security  and  performance. 
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BY  JAN  MATLIS 

Although  the  acronym 
AJAX  is  fairly  straightfor¬ 
ward,  derived  from  Asyn¬ 
chronous  JavaScript  and 
XML,  it’s  significant 
because  it  captures 
a  paradigm  shift  in  the  delivery 
of  Web  page  content. 

The  AJAX  approach  to  Web 
content  delivery  speeds  up  the 
user  interface.  The  long  wait 
for  an  entire  page  to  refresh  from  a 
Web  server  isn’t  necessary  in  an  AJAX- 
based  application.  Only  that  part  of  a 
Web  page  that  needs  to  be  updated  is 


altered,  and  the  update  is  done  locally, 
if  possible,  and  asynchronously. 

The  user  can  continue  to  interact 
with  the  Web  page  while  JavaScript 
on  the  client  minimizes  interactions 
_  with  the  server,  and  informa¬ 
tion  passing  between  client 
and  server  is  done  in  the 
background. 

11 V  i  For  developers  not  yet 

”  *  using  AJAX,  any  change  to  a 
Web  page  requires  a  full 
client/server  interaction.  For  example, 
a  request  to  insert  a  newly  typed 
item  into  a  list  (say,  an  additional  DVD 
selection  into  a  Web  shopping  cart) 


Traditional  Web  Apps  vs.  AJAX 


The  traditional  model  for 
Web  applications  (left)  compared 
with  the  AJAX  model  (right). 


requires  a  series  of  steps:  After  the 
new  item  name  (the  DVD  title)  is 
entered  into  a  form,  it’s  passed  back 
to  a  server.  The  server  then  generates 
a  new  Web  page.  That  page  is  transmit¬ 
ted  back  to  the  client,  and  the  client’s 
entire  Web  page  screen  gets  refreshed. 
The  URL  at  the  top  of  the  Web  page 
reflects  the  transaction  that  has  just 
occurred. 

Interact  Locally 

In  contrast,  in  an  AJAX-based  Web 
application,  the  interaction  looks  like 
this:  The  user  types  a  new  item  into  an 
input  box.  JavaScript,  running  on  the 
user’s  computer,  inserts  the  item  into 
the  list  and  refreshes  only  a  few  lines 
of  the  Web  page.  The  server  is  entirely 
cut  out  of  the  interaction,  and  the  URL 
at  the  top  of  the  Web  page  doesn’t 
change. 

Even  if  client/server  interaction  had 
been  needed,  say,  to  retrieve  the  latest 
discount  price  for  the  DVD,  that  could 
have  been  done  interactively,  and  the 
response  time  of  the  user  interface 
would  have  been  more  like  that  of  a 
program  running  solely  on  the  local 
machine. 

The  AJAX  acronym  was  born  on 
Feb.  18,  2005,  when  it  first  appeared  in 
a  paper  titled  “Ajax:  A  New  Approach 
to  Web  Applications”  [QuickLink 
a6430],  which  was  written  by  Jesse 
James  Garrett,  a  founder  of  Web  con¬ 
sultancy  Adaptive  Path  LLC.  The  term 
has  generated  a  lot  of  buzz  among  de¬ 
velopers  and  bloggers  so  far  this  year, 
but  it’s  only  the  name  that’s  new. 

In  his  essay,  Garrett  points  to  exist¬ 
ing  Google  applications  —  Google 
Groups,  Suggest,  Maps  and  Gmail  — 
as  examples  of  the  new  paradigm  in 
Web  interaction  design.  Google  Maps 
doesn’t  jerk  and  stall  as  a  user  pans  the 
field  of  view  across  an  apparently  lim¬ 
itless  map.  The  older  paradigm  re¬ 
quires  the  user  to  click  on  an  arrow  in 
the  requested  panning  direction,  which 
is  followed  by  an  hourglass  hiatus 
while  the  map  server  creates  the  de¬ 
sired  view  and  downloads  it  to  the  lo¬ 
cal  machine. 

The  following  technologies  and  pro¬ 
tocols  used  in  AJAX  had  been  around 
for  a  while  before  Garrett  specified 
them  in  his  essay: 

XHTML  and  Cascading  Style  Sheets 
(CSS)  for  presentation. 

■  Document  Object  Model  for 
dynamic  display. 

XML  and  Extensible  Stylesheet  Language 
Transformations  for  data  interchange. 

■  Microsoft’s  XMLHttpRequest  for 
asynchronous  client/server 


AJAX: 

MVC  Redux 


Some  people  who  follow  development 
trends  bristle  at  the  suggestion  that 
AJAX  is  anything  new,  despite  the  re¬ 
cent  coinage  of  the  term.  For  them, 
AJAX  is  just  the  most  recent  incarna¬ 
tion  of  a  model-view-controller  (MVC) 
architecture  for  building  applications. 
The  roots  of  MVC  can  be  traced  back 
to  1979,  when  Trygve  Reenskaug,  a 
researcher  working  on  the  Smalltalk 
language  at  Xerox  Corp.’s  Palo  Alto 
Research  Center,  first  described  the 
architectural  pattern  and  its  benefits. 

MVC  separates  an  application's 
data  model,  user  interface  and  control 
logic  into  three  distinct  components, 
or  objects.  This  means  that  modifica¬ 
tions  to  the  view  component  (usually 
the  user  interface)  can  be  made  with 
minimal  impact  to  the  data  model.  The 
data  model  is  the  domain-specific 
representation  of  the  information  on 
which  the  application  will  operate. 

The  controller  mediates  between 
the  data  model  and  the  view.  It  re¬ 
sponds  to  events,  which  are  usually 
actions  by  users,  and  changes  the 
view  or  model  as  appropriate. 

The  primary  benefit  of  the  MVC  ap¬ 
proach  is  that  it  increases  the  respon¬ 
siveness  of  the  view  component  while 
maintaining  the  stability  of  the  data 
model  -  no  mean  feat,  given  the 
event-driven  characteristics  of  the 
modern  graphical  user  interface. 

Since  it  requires  the  separation  of 
the  model  and  the  controller  from  the 
view  component,  the  MVC  design  also 
promotes  platform  independence  for 
programs.  The  programmer  can  im¬ 
plement  the  data  model  and  the  con¬ 
troller  in  a  cross-platform  language 
like  C  or  C++.  The  toughest  part  of 
porting  the  application  to  a  new  oper¬ 
ating  system  then  becomes  redesign¬ 
ing  the  view.  Use  of  the  OS-specific 
language  is  then  limited  to  controller 
notification  of  user  events  and 
changes  in  the  data  model. 

MVC  and  its  offspring,  such  as 
AJAX,  are  viewed  by  many  as  the 
most  promising  means  of  unraveling 
the  complexities  of  Web  application 
development. 

-  Tommy  Peterson 
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interaction. 

JavaScript  to  run  commands 

on  the  client  machine. 

Until  recently,  however, 
some  crucial  pieces  weren’t  in 
place  to  bring  the  technolo¬ 
gies  together.  As  Adam  Bos- 
worth,  vice  president  of  engi¬ 
neering  at  BEA  Systems  Inc., 
wrote  in  a  recent  blog  on  the 
subject,  “The  physics  didn’t 
work  in  1997.”  Without  the 
wide  adoption  of  broadband, 
Bosworth  points  out,  down¬ 
loading  the  required 
JavaScript  for  local  control 
(often  as  much  as  10,000  to 
20,000  lines  of  code)  took 
too  long. 

In  addition,  until  a  few  years 
ago,  processors  ran  too  slowly 
for  JavaScript.  Even  if  the 
physics  had  worked,  until  re¬ 
cently  the  same  code  couldn’t 
have  run  on  all  Web  browsers, 
Bosworth  says. 

Finally,  or  perhaps  most  im¬ 
portant,  in  Bosworth’s  estima¬ 
tion,  personal  applications  like 
Google  Maps  and  Gmail  were 
in  the  minority  of  Web  appli¬ 
cations  and  were  in  less  wide¬ 
spread  use  five  or  six  years 
ago  than  they  are  today. 

Some  Limits 

Not  all  applications  may  be 
right  for  the  AJAX  approach. 
Skeptics  frequently  cite 
“breaking  the  Back  button”  as 
a  serious  problem.  Because 
AJAX  allows  Web  pages  to  be 
modified  locally  and/or  incre¬ 
mentally,  clicking  on  the  Back 
button  doesn’t  necessarily  re¬ 
turn  a  user  to  the  previous 
page.  The  Back  button  may 
take  the  user  all  the  way  back 
to  the  beginning  of  a  long  in¬ 
teraction  —  the  one  specified 
by  the  URL  shown  at  the  top 
of  the  Web  page. 

For  the  same  reason,  the 
URL  at  the  top  of  the  Web 
page  doesn’t  completely  spec¬ 
ify  the  contents  of  a  page,  so  it 
may  be  impossible  to  book¬ 
mark  desired  pages  or  share 
URLs  so  that  others  may  see 

Are  there  technologies  or  issues  you’d  like 
to  learn  about  in  QuickStudy?  Send  your 
ideas  to  quickstudy@computerworld.com 

To  find  a  complete  archive  of  our 
QuickStudies,  go  online  to 

O  computerworld.com/quickstudies 


the  same  Web  content.  And 
asynchronous  updates,  as 
blogger  Alex  Bosworth  (son 
of  Adam  Bosworth)  and  oth¬ 
ers  have  pointed  out,  mean 
that  a  Web  page  could  adjust 
its  shape,  layout  or  length 


unexpectedly. 

Despite  those  drawbacks, 
AJAX  has  generated  real  ex¬ 
citement  with  its  promise  of 
more-responsive  Web  interac¬ 
tions.  Garrett  ends  his  essay 
with  this  Utopian  vision:  “The 


biggest  challenges  in  creating 
Ajax  applications  are  not  tech¬ 
nical.  . . .  The  challenges  are 
for  the  designers  of  these  ap¬ 
plications:  to  forget  what  we 
think  we  know  about  the  limi¬ 
tations  of  the  Web,  and  begin 


to  imagine  a  wider,  richer 
range  of  possibilities.” 

©  55262 

Matlis  is  a  freelance  writer  in 
Newton,  Mass.  He  can  be  reached 
atjmtgpcmcm@aol.com. 
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Calendaring  App 
For  Smaller  Firms 

■  Calendaring  and  scheduling 
software  vendor  Meeting  Maker 
Inc.  has  released  Meeting  Maker 
for  Outlook,  which  is  designed  to 
allow  small  and  midsize  compa¬ 
nies  to  run  Microsoft  Outlook 
without  using  Microsoft  Exchange 
servers.  The  release  offers  Out¬ 
look’s  standard  calendaring  capa¬ 
bilities  and  lets  users  schedule 
single  or  recurring  meetings  in 
real  time,  schedule  resources  re¬ 
quired  for  a  meeting  and  see  cal¬ 
endars  in  multiple  views,  said  the 
Waltham,  Mass.-based  company. 
The  software  starts  at  $949  for  a 
10-user  license. 


Dell  Adds  Switch 
To  Blade  Servers 

■  Dell  Inc.  has  added  McData 
Corp.  4314  Fibre  Channel 
switches  to  its  blade  server  line, 
the  Dell  PowerEdge  1855.  The 
switch  was  designed  to  ease 
storage-area  network  deployment 
in  blade  server  environments, 
said  Dell.  Fibre  Channel  traffic  is 
aggregated  in  the  switch  from  a 
daughtercard  port  on  each  blade 
server  to  four  uplink  ports  that 
connect  directly  to  Dell  or  EMC 
Corp.  storage  devices  or  to  addi¬ 
tional  Fibre  Channel  switches. 
Pricing  for  a  single  switch  begins 
at  $8,999. 


SmartDB  Releases 
Tool  for  Oracle 

■  SmartDB  Corp.  in  Menlo  Park, 
Calif.,  has  announced  a  new 
browser-based  tool  called  Repor¬ 
tal.  The  software  allows  users  of 
Oracle  E-Business  Suite  applica¬ 
tions  to  define  queries  and  decide 
how  and  when  query  results  are 
delivered,  said  the  integration 
software  maker.  By  creating  an 
abstract  layer  of  configurable 
business  modules,  SmartDB 
Reportal  organizes  complex  data 
structures  into  meaningful  “cap¬ 
sules”  that  are  accessible  to  non¬ 
technical  users.  The  product  is 
shipping  now  and  starts  at 
$30,000  per  server. 


CURT  A.  MONASH 


More  Data  Makes 
Your  Business  Grow 


THE  JOB  of  IT  departments  can  be  concise¬ 
ly  described  as  having  two  parts:  manag¬ 
ing  data  and  advising  business  people 
about  how  the  data  could  be  used. 

As  a  general  rule,  there’s  little  question 
as  to  what  data  might  actually  be  involved  in  either  of 


those  functions.  But  the  ex¬ 
ceptions  to  that  rule  tend  to 
be  both  intellectually  stimu¬ 
lating  and  economically  im¬ 
portant.  In  surprisingly 
many  cases,  the  use  of  new 
data  sources  can  provide  a 
huge  boost  to  business  prof¬ 
itability  and  success. 

Examples  abound  in  both 
the  transactional  and  ana¬ 
lytic  arenas.  On  the  trans¬ 
actional  side,  some  of  the 
biggest  opportunities  lie  in 
the  tracking  of  products  and  other 
physical  objects  via  radio  frequency 
identification  (RFID)  or,  in  some  cases, 
more  active  mobile  devices.  Indeed,  if 
you’re  in  an  industry  such  as  retail,  dis¬ 
tribution  or  transportation,  that’s  prob¬ 
ably  a  top-of-mind  issue  for  you  and  a 
major  part  of  your  company’s  medium- 
range  capital  budgeting.  Also,  compa¬ 
nies  in  more  and  more  industries  are 
developing  miniature  commodity¬ 
trading  desks  and  bringing  in  invest¬ 
ment  transaction  data  to  support  them. 

Less  obvious,  yet  potentially  even 
more  important,  are  the  possible 
sources  of  new  analytic  data.  There’s 
data  that’s  already  available  for  you  to 
collect,  data  that  you  can  buy  and  en¬ 
tirely  new  data  that  you  would  have  to 
create.  There’s  conventionally  struc¬ 
tured  data,  unconventionally  structured 
data  and  data  that’s  barely  structured  at 
all.  The  possibilities  are  varied  enough 
that  if  you  don’t  take  the  time  to  think 
them  through,  you  may  well  miss  a 
company-changing  opportunity. 

In  some  cases,  you  just  have  to  notice 
data  that  has  already  fallen  into  your 


lap.  Search-engine  logs  tell 
you  of  customers’  questions 
and  interests  in  their  own 
words.  General  Web-visitor 
logs  give  you  similar  in¬ 
sight.  You  may  have  a  lot  of 
customer  satisfaction  and 
product-quality  data  sitting 
around  to  be  text-mined 
from  warranty  claims,  call 
center  reports  and  the  like. 
And  if  a  solution  could  be 
found  to  the  privacy  issues, 
even  more  information 
could  be  gleaned  by  voice-mining  actu¬ 
al  telephone  conversations. 

In  other  cases,  you  can  obtain  valu¬ 
able  data  from  third  parties.  The  best- 
known  example  is  consumer  data  from 
credit  reporting  companies,  which  can 
be  used  for  a  variety  of  CRM  purposes; 
many  other  kinds  of  data  can  be  used 
similarly.  Away  from  CRM,  medical 
researchers  want  to  look  across  data 
banks  of  patient  records  to  develop  new 
treatment  insights  without  the  cost,  de¬ 
lay  or  danger  of  conventional  clinical 
trials.  (The  privacy  problems  around 
this  kind  of  research  can  and  will  be 
solved  soon.) 

But  the  really  mind-blowing  possibil¬ 
ities  arise  when  enterprises  deliberately 
set  out  to  create  and  capture  data  for 
the  primary  purpose  of  using  it  analyti¬ 
cally.  Here  are  some  examples: 

Loyalty  cards,  especially  in  gaming.  The 
casino  industry  has  been  transformed 
by  those  cards  you  use  to  tell  the  casino 
what  you’re  doing  and  to  collect  re¬ 
wards.  Both  when  you’re  on  the  premis¬ 
es  and  when  you’re  home,  casinos  mar¬ 
ket  to  you  very  precisely  based  on  that 


information.  Of  course,  this  involves 
massive  data  mining,  but  a  huge  fraction 
of  the  casinos’  profits  comes  from  it. 

Location-based  analytics.  There’s  some¬ 
thing  Big  Brotherish  about  supermarket 
shelves  that  know  who  you  are  and 
make  offers  accordingly,  but  that  tech¬ 
nology  is  being  tested  and  deployed  to¬ 
day.  Wide  use  of  RFID  will  greatly  ex¬ 
pand  its  scope.  Privacy  concerns  do 
need  to  be  overcome,  but  experience 
shows  that  consumers  can  be  bribed 
into  giving  permission  for  this  type  of 
effort  in  return  for  personally  targeted 
marketing  offers. 

Extra  customer  feedback.  Smart  compa¬ 
nies  should  and  do  knock  themselves 
out  to  get  extra  feedback  to  use  in  CRM 
and  product  quality  analysis  alike.  Here 
are  some  ideas  for  getting  that  feed¬ 
back:  extra  incentives  for  submitting 
warranty/registration  cards;  online  sur¬ 
veys  with  prizes/bribes  for  participat¬ 
ing;  outbound  phone  calls  to  customers; 
forums  and  other  community-building 
efforts;  and  better  customer  service  of 
any  kind  (online  or  over  the  phone),  in¬ 
ducing  customers  to  consume  more  of 
it  and  hence  communicate  better. 

Price/offer  testing.  Marketers  have  long 
been  disciplined  to  test  multiple  prod¬ 
uct  prices  and  offers  to  see  what  is 
most  successful.  Analytics  in  support  of 
these  tests  make  the  testing  more  valu¬ 
able.  You  can’t  estimate  demand  elas¬ 
ticity  if  you  make  offers  at  only  one 
price  point. 

These  examples  are  concentrated  in 
CRM  and  product  quality  for  a  good 
reason  —  those  are  the  main  areas  of 
business  where  statistical  analysis 
flourishes.  As  the  scope  of  predictive 
analytics  expands,  the  opportunities  for 
profitable  data-creation  strategies  will 
do  so  as  well.  ©  55395 


READ  MORE  ONLINE 

To  learn  more  about  this  subject,  please  visit  our  Web  site 
and  read  Curt  A.  Monash's  blog: 

www.computerworld.com/blogs/node/512 
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Got  Questions  About 
Enterprise  Data  Analytics? 

Computerworld’s  IT  Management  Summit  Has  the  Answers 


Looking  to  better  understand  enterprise 
analytics?  Apply  to  attend  Computerworld’s 
complimentary*  half-day  IT  Management 
Summit:  Beyond  Business  Intelligence. 

Enterprise  analytics  enable  companies  to 
make  timely  fact-based  decisions  using 
critical  information  from  across  the  entire 


Beyond  Business  Intelligence: 
Using  Enterprise  Analytics  to  Drive 
Fact-Based  Decisions 
Chicago,  Illinois  *  July  26,  2005 

Chicago  Four  Seasons  Hotel  •  120  East  Delaware  Place 

8:00am  to  8:30am  Registration  and  Networking  Breakfast 
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Renee  Romano 
Executive  Director,  Enterprise 
Business  Intelligence  Systems 
and  Information  Services, 
SBC  Communications 


organization.  By  fully  leveraging  data, 
technology,  skills  and  processes,  successful 
users  of  enterprise  analytics  go  beyond 
simply  understanding  the  past,  to  predicting 
outcomes  that  improve  overall  corporate 
performance. 


8:30am  to  8:40am 
8:40am  to  9:10am 


9:10am  to  9:40am 


This  summit  will  feature  the  latest  insights 
of  business  intelligence  industry  experts  and 
will  give  you  first-hand  information  on  the 
innovations  and  experiences  of  companies 
successfully  deploying  enterprise  analytics. 

*  Complimentary  registration  is  restricted  to 
qualified  IT  managers  only. 


9:40am  to  10:30am 


10:30am  to  10:45am 
10:45am  to  1 1:15am 


Apply  for  registration  today 

Contact  Chris  Leger  at  888-299-0155 
or  visit:  www.itmanagementsummit.com 
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Renee  Romano,  Executive  Director,  Enterprise 
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Transforming  Enterprise  Data  Into 
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Connor  Baker,  Director  of  Business  Information, 
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of  Enterprise  Data  Analytics 
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•  Renee  Romano,  Executive  Director,  Enterprise 
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HP  PROLIANT  BL20p  G3  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

■  Up  to  2  Intel®  Xeon™  Processors  (3.60GHz/2MB)‘ 

•  High  density:  Up  to  48  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager”:  Web-based  networked 
managment  through  a  single  console 

■  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 


HP  STORAGEWORKS  MSA1500cs 


Get  2TB  of  Storage  Free  ($2,800  Value)2 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

•  Ability  to  mix  SCSI  and  Serial  ATA  enclosures 
for  greater  flexibility 

•  2GB/1GB  Fibre  connections  to  host 


The  HP  ProLiant  BL20p  G3  blade  server  with  the  Intel®  Xeon™  Processor  simplifies  server  management. 
Simple  to  set  up,  simple  to  monitor,  simple  to  manage.  It  all  starts  with  the  Rapid  Deployment 
Pack,  giving  you  an  automated  setup  process  to  configure  and  deploy  servers  at  a  high  volume 
and  a  rapid  pace.  Then  HP  Systems  Insight  Manager™  carefully  monitors  your  infrastructure, 
alerting  you  to  potential  problems  before  they  occur.  And,  whenever  you're  away  from  the  office, 
the  remote  management  features  let  you  manage  your  server  no  matter  where  you  are.  Plus,  you 
can  bundle  it  with  the  HP  StorageWorks  MSA1500  to  make  storing  your  data  simple,  scalable 
and  affordable.  So  with  HP,  you  get  more  expertise  before  you  buy,  more  technology  when  you 
do  and  more  support  after. 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SUPPORT 


Download  a  free  IDC  white  paper 

Reducing  Total  Cost  of  Ownership 
Through  the  Use  of  Blade  Systems. 
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IT  MENTOR 

Grass-Roots  Governance 

The  discretionary  budget  can  be 
treacherous  territory  with  no  rules, 
no  winners  and  lots  of  hard  feelings 
between  IT  and  business.  John  Sullivan 
of  Reynolds  and  Reynolds  explains  how 
his  IT  group  got  a  handle  on  it.  Page  42 


Career  Watch 

Computer-world.  Premier  100  IT 
Leader  Jesus  V.  Arriaga  offers 
advice  on  how  to  become  a  CIO; 
the  hiring  outlook  brightens;  and 
the  ITAA  reports  that  IT  still 
lags  in  hiring  women  and  most 
minorities.  Page  46 


OPINION 

A  Separate  IT  Capital 
Pool  Makes  No  Sense 

Eliminating  discrete  capital 
allocation  processes  for  IT 
and  business  is  a  boon  to 
both,  says  Bart  Perkins.  Find 
out  why.  Page  48 


Ask  most  IT  managers  why  their 
organizations  don’t  regularly  con¬ 
duct  postmortem  reviews  on 
completed  IT  projects,  and  the 
typical  response  is,  “We’d  like  to, 
but  we  just  don’t  have  the  time  or 
resources.” 

But  that  hasn’t  stopped  organizations  such  as  the 
Chicago  Mercantile  Exchange  and  Solo  Cup  Co.  from 
regularly  reviewing  at  least  a  portion  of  their  com¬ 
pleted  IT  projects.  And  while  some  of  the  reviews 
are  done  to  see  if  a  project  met  its  anticipated  objec¬ 
tives,  many  postmortems  are  conducted  simply  to 
determine  what  the  project  teams  could  have  done 
better. 

In  this  age  of  austerity,  either  objective  can  be  a 
win  for  IT  as  postmortems  prove  the  business  value 
of  projects  or  boost  continuous  improvement  efforts. 

“Each  year,  you  want  to  do  better  than  the  previ¬ 
ous  year”  in  terms  of  project  planning  and  project 
portfolio  management,  says  Carl  Stumpf,  director  of 
project  and  financial  controls  for  the  technology  di¬ 
vision  at  Chicago  Mercantile  Exchange  Inc.  (CME). 

But  Stumpf  is  in  the  minority,  according  to  Gartner 
Inc.  Just  13%  of  Gartner’s  clients  conduct  such  re¬ 
views,  says  Joseph  Stage,  a  consultant  at  the  Stam¬ 
ford,  Conn.-based  firm. 

There  are  a  variety  of  reasons  why  postmortems 
aren’t  conducted,  and  some  of  them  are  defensive.  “If 
the  projects  didn’t  accomplish  what  you  set  out  to 
do,  no  one  wants  to  go  back  and  disclose  that,”  par¬ 
ticularly  if  such  discoveries  end  up  negatively  im¬ 
pacting  a  project  manager’s  performance  review,  says 
Tom  Bugnitz,  a  consultant  at  Arlington,  Mass.-based 
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POSTMORTEM  PLAYBOOK 


WHY  THEY’RE  DONE:  The  reasons  vary  among  organiza¬ 
tions,  but  postmortems  are  often  done  at  the  request  of  busi¬ 
ness  sponsors  to  determine  whether  projects  met  business 
goals.  Sometimes  they’re  launched  by  the  IT  department  as  a 
lessons-leamed/continuous-improvement  exercise.  Occasion¬ 
ally  they’re  initiated  to  get  wayward  projects  back  on  track. 

WHEN  THEY’RE  DONE:  They’re  typically  conducted  30  to 
90  days  after  a  project  has  gone  into  production. 

WHO’S  IN  CHARGE:  Generally,  the  IT  department’s  project 
management  office  takes  the  lead. 

WHO  CONDUCTS  THEM:  Often,  quality  assurance  mana¬ 
gers  or  project  managers  who  weren’t  involved  in  the  project 
guide  the  effort. 


WHO  IS  INTERVIEWED:  If  the  postmortem  is  technically 
focused,  the  interviews  are  usually  restricted  to  IT  project 
team  members  such  as  developers,  testers  and  project 
leaders.  If  the  postmortem  is  focused  on  the  achievement 
of  business  goals,  business  sponsors  and  users  are  often 
included  as  well. 

WHAT  KINDS  OF  QUESTIONS  ARE  ASKED:  Was  the  proj¬ 
ect  delivered  on  time,  on  budget  and  within  scope?  Did  it 
meet  the  business  sponsor's  expectations?  What  went 
well?  What  didn’t?  What  could  have  been  done  better? 

HOW  LONG  DOES  IT  TAKE:  It's  usually  completed  within  a 
few  weeks. 

-  Thomas  Hoffman 


Cutter  Consortium  and  a  partner  at  The  Beta  Group, 
a  St.  Louis  consulting  firm. 

Ironically,  the  IT  groups  that  need  postmortems 
the  most  are  probably  the  least  likely  to  perform 
them.  The  notion  of  conducting  a  postmortem 
“would  be  viewed  as  a  time  sink”  for  an  IT  organiza¬ 
tion  with  immature  project  management  capabilities, 
since  it  wouldn’t  be  able  to  fully  grasp  the  value  to 
be  gained,  says  Margo  Visitacion,  an  analyst  at  Cam¬ 
bridge,  Mass.-based  Forrester  Research  Inc. 

Seeking  Returns 

But  postmortems  can  pay  off  for  companies  that  ex¬ 
pend  the  time  and  resources  to  execute  them  properly. 

When  the  CME,  a  predominantly  electronic  fu¬ 
tures  exchange,  went  public  in  2002,  that  placed  “a 
lot  of  the  risk  on  our  side”  in  IT,  says  Mark  Bennett, 
associate  director  of  the  project  and  financial  con¬ 
trols  group.  To  help  mitigate  some  of  that  IT  risk,  the 
CME  began  conducting  postmortem  reviews  on  its 
two-dozen  largest  IT  projects  in  late  2003. 

The  exchange  uses  enterprise  portfolio  manage¬ 
ment  software  from  Newport  Beach,  Calif.-based 
Artemis  International  Solutions  Corp.  to  help  project 
teams  go  back  and  evaluate  their  original  objectives, 
risks  and  assumptions  and  determine  whether  pro¬ 
jections  for  resources,  capital  and  contractor  fees 
were  estimated  accurately,  says  Bennett.  Those  steps 
enable  the  CME’s  project  sponsors  to  better  under¬ 
stand  the  financial  constraints  the  technology  divi¬ 
sion’s  project  group  faces  and  help  them  to  better 
balance  risk  and  prioritize  projects. 

The  reviews  have  also  helped  the  CME’s  project 
teams  determine  how  to  improve  future  iterations  of 
software  development  projects,  says  Peter  Barker, 
director  of  interest-rate  products  for  the  exchange 
and  a  business  sponsor  of  IT  projects. 

He  points  to  an  enhanced  options  system  that 
went  live  last  August  that  enables  the  exchange’s 
market  makers  to  trade  euro/dollar  options  on  com¬ 
puter  screens.  One  of  the  “thousand  little  things”  that 
have  come  out  of  that  project’s  review  were  recom¬ 
mendations  made  by  market  makers  to  improve  an 
application  programming  interface  that  allows  them 
to  send  “streaming”  prices  to  trading  screens,  says 
Barker.  Those  improvements  were  put  into  produc¬ 
tion  in  February,  he  adds. 


But  sometimes  it  takes  a  while  to  get  the  post¬ 
mortem  process  right.  Meijer  Inc.,  a  Grand  Rapids, 
Mich.-based  chain  of  grocery  stores,  began  conduct¬ 
ing  postmortem  reviews  on  some  of  its  IT  projects 
after  it  formally  launched  a  program  management  of¬ 
fice  (PMO)  seven  years  ago,  says  IT  program  manag¬ 
er  Jim  Morse.  But  the  practice  was  abandoned  after  a 
few  years  when  the  review  process  became  “too 
picky,”  he  recalls. 

“We  were  trying  to  do  metrics  and  measures  and 
turn  it  into  a  scorecard,  and  it  got  kind  of  scary,”  says 
Morse.  That’s  because  the  review  process  at  that 
time  was  focused  too  much  on  metrics  and  failed  to 
evaluate  some  of  the  softer  but  equally  important  as¬ 
pects  of  project  success  that  can’t  easily  be  measured, 
such  as  trust,  commitment  and  reliability,  he  says. 


■  Be  sure  the 
reviewers  under¬ 
stand  the  value  of 
the  exercise  and 
what  the  expecta¬ 
tions  are. 

■  Design  the  reviews 
to  be  both  subjective  and  objective. 

■  Make  sure  the  facilitators  steer 
clear  of  finger-pointing. 

■  Have  an  independent  project  manage¬ 
ment  office  supervise  the  reviews. 
Otherwise,  peer  reviews  tend  to  favor 
the  styles  of  the  reviewers. 

■  Include  project  team  members,  end 
users  and  business  sponsors  among 
the  interviewees. 

■  To  avoid  surprises  during  the  review, 
conduct  periodic  audits  while  the  project 
is  under  way,  focusing  on  aspects  such 
as  the  timeline,  budget  and  scope. 

■  Collect  information  throughout  the 
project  life  cycle  to  help  lighten  the  load 
at  review  time. 

-  Thomas  Hoffman 


The  project  reviews  have  since  been  restarted  and 
are  now  focused  on  more-qualitative  measures:  what 
went  well,  what  didn’t  go  well,  what  could  have  been 
done  better  and  what  steps  could  have  been  taken  to 
improve  a  project’s  quality. 

Meijer’s  PMO  conducts  postmortems  on  only 
some  of  its  IT  projects,  since  “we  just  don’t  have  the 
bandwidth”  to  examine  all  of  them,  says  Morse. 
Sometimes  they’re  done  at  the  behest  of  senior  man¬ 
agement  to  determine  whether  a  big  project  met  its 
business  objectives.  Morse  will  also  occasionally 
conduct  a  review  of  a  project  in  progress  if  he  thinks 
it’s  running  off  track. 

No  Scapegoats 

One  of  the  big  challenges  in  postmortems  is  to  con¬ 
vince  project  managers  that  they  aren’t  being  made 
scapegoats  for  problems  that  might  have  arisen. 

“The  first  reaction  is,  ‘Oh,  my  project  is  a  failure 
and  now  they  want  to  nail  me,’  ”  says  Morse.  “But 
it’s  not  an  ‘I  gotcha’  game.”  Used  properly,  post¬ 
mortems  are  an  opportunity  to  review  the  strengths 
and  weaknesses  of  how  a  project  was  handled  and 
learn  from  them. 

IT  project  teams  at  Solo  Cup  started  doing  post¬ 
mortem  reviews  two  years  ago  on  roughly  20%  of  the 
company’s  IT  projects.  The  reviews  give  IT  a  “grass¬ 
roots  perspective”  on  problems  that  have  cropped  up 
and  help  to  determine  what  could  have  been  done 
better,  says  Richard  Wolfson,  senior  manager  of  IT 
quality  assurance  at  the  Highland  Park,  Ill.-based 
maker  of  disposable  tableware. 

At  Solo  Cup,  the  quality  assurance  person  who  is 
assigned  to  the  project  runs  the  review,  says  Wolfson. 
Most  of  the  reviews  examine  technical  issues:  Was 
project  planning  done  effectively,  and  was  it  well 
coordinated  with  business  users?  Did  testing  follow 
the  proper  procedures?  Were  system  defects  caught 
quickly  during  the  development  phase  and  resolved? 

If  there  are  only  technical  issues  to  resolve,  busi¬ 
ness  sponsors  are  typically  left  out  of  the  review,  says 
Wolfson.  But  in  about  a  quarter  of  the  cases,  their  in¬ 
put  is  expected  to  help,  so  discussions  with  the  busi¬ 
ness  sponsors  are  included  as  part  of  the  process. 

The  CME’s  Stumpf  says  that  aside  from  helping  to 
mitigate  IT  risk  and  improving  IT  product  iterations, 
his  reviews  have  yielded  additional  benefits,  includ¬ 
ing  increased  visibility  for  the  IT  department. 
“There’s  a  subtle  benefit  to  it,”  he  says.  Business 
managers  buy  into  IT  projects  much  more,  because 
postmortems  give  business  sponsors  a  clearer  pic¬ 
ture  of  what  the  IT  project  group  is  doing. 

Postmortems  can  also  bring  unexpected  benefits. 
Last  year,  Meijer’s  PMO  reviewed  a  big  replenishment 
system  project.  The  review  included  interviews  with 
the  vendors  involved.  And  although  its  results  weren’t 
particularly  surprising,  it  did  lead  to  changes  in  rela¬ 
tionships  with  some  of  the  vendors,  says  Morse. 

But  perhaps  the  most  important  benefit  is  one  that 
occurs  before  the  postmortem  even  begins,  says  The 


INSTANT  REPLAY 

Royal  Caribbean  has  opted  against 
conducting  postmortems  in  favor  of 
phase  reviews  throughout  each  project: 
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Beta  Group’s  Bugnitz: 
“It  forces  people  to 
place  greater  attention 
on  achieving  the  de¬ 
sired  benefits  at  the 
front  end  of  the  proj¬ 
ect.”  ©  55229 


August  14-18 

Moscone  Center 
San  Francisco 


The  industry’s  largest 
independent  HP-centric 
technical  training  event 


KEYNOTE  SPEAKERS 


Ann  Livermore 

Executive  Vice 
President,  Technology 
Solutions  Group,  HP 

Kris  Hagerman 

Executive  Vice  President 
Storage  and  Server 
Management  Group, 
VERITAS 

Patrick  J.  Martin 

Chairman,  President 
and  CEO,  StorageTek 

Chuck  Rozwat 

Executive  Vice 
President,  Server 
Technologies,  Oracle 

Premier  Sponsors 


VERITAS 


invent 


ORACLE'  StorageTek 


Gold  Sponsors 

A 

BHOADCOS*. 

everything* 


Computer  Associates* 


Join  us  in  San  Francisco  for  a  week  of  in-depth 
technical  training  that  will  sharpen  your  skills 
and  provide  you  with  the  solutions  you  need  to 
improve  both  IT  efficiency  and  productivity. 

Top  1 0  Reasons  to  Attend  HP  World  2005  Conference  &  Expo  in  San  Francisco: 


1 

2 


3 


5 


250+  technical  sessions  that  will  deliver  real- 
world  solutions  that  you  can  implement  right 
away  to  save  money  and  improve  efficiencies. 

20  hands-on  workshops  -  including 
Itanium  Migration,  HP-UX  performance 
tuning  and  sessions  from  Microsoft’s 
Tech*Ed  event  -  where  you  will  learn 
keystroke-by-keystroke  how  to  overcome 
your  biggest  technical  challenges. 

A  rich  selection  of  full  and  half-day  training 
seminars  that  will  give  you  the  depth  of 
knowledge  you  need  to  master  a  technology. 

Keynote  address  from  HP  World  favorite 
Ann  Livermore  -  find  out  what’s  next  for 
HP’s  enterprise  groups. 

Executive  Keynotes  from  leading 
HP  Partner  companies:  Chuck  Rozwat, 
Oracle;  Kris  Hagerman,  VERITAS;  and 
Patrick  J.  Martin,  StorageTek. 


6 


8 

9 


10 


Sign-up  for  your  Interex  membership  and  save  $200! 


Attend  “Marketing  Free”  sessions 
and  avoid  the  sales  pitches  you 
often  get  at  other  conferences. 

Increase  your  job  credentials  with 
on-site  certification  testing  from 
Thomson  Prometric. 

Sign-up  for  SNIA  sessions  and  a 
certification  seminar  as  part  of  our 
new  Storage  Networking  Program. 

Hear  from  industry  gurus  Ira 

Winkler,  Bruce  Perens,  Bdale 
Garbee  and  John  C.  Dvorak  in 

our  Plenary  Speaker  Series. 

Meet  one-on-one  with  dozens  of 
leading  technologists  in  our  new 
Meet  the  Experts  Forum  and  get 
the  answers  you  need. 


SPECIAL  15%  DISCOUNT: 

For  ComputerWorld  Magazine  readers 

Use  Discount  Code:  CWRLD15 


Register  today  at  www.hpworld.com 


HP  World  is  an  independent  event  produced  by  Interex  and  is  not  produced  by  Hewlett-Packard.  The  name  HP  World  is  used  under  license  from  Hewlett-Packard.  HP  is  a  registered  trademark  of  Hewlett-Packard  Company. 


42  CGMPUTERWORLD  July  11, 2005 


MANAGEMENT 


www.computerworld.com 


m 


m  • 


••••••••••••••••••••a 


The  discretionary  budget 
is  a  no  man’s  land 
that  can  breed  hostility 
between  IT  and  business. 
Here’s  how  one  IT  group 
brought  order  to  the 
chaos.  By  John  Sullivan 


Between  the  large  strategic 
projects  and  ongoing  sup¬ 
port  in  your  IT  budget  is 
the  “discretionary”  section. 
The  middle  is  often  a  safe 
place  to  be,  but  not  so  in 
the  IT  budget.  This  section 
funds  business  requests 
that  occur  throughout 
the  year,  things  like  creating  reports, 
changing  screen  layouts  or  building  an 
interface  between  two  systems.  While 
the  middle  can  be  a  frustrating  place 
for  technical  staffers,  it’s  also  a  place 
where  IT  has  a  chance  to  improve  its 
reputation. 

In  many  companies,  the  consolida¬ 
tion  of  IT  staffs  into  smaller,  centralized 
groups  has  made  discretionary  work  a 
big  issue.  Business  units  that  no  longer 
have  dedicated  IT  groups  must  com¬ 


pete  for  staff  time  to  implement  discre¬ 
tionary  projects.  The  IT  staff  needs  to 
address  these  requests  while  also  im¬ 
plementing  strategic  projects  and  sup¬ 
porting  current  applications.  The  re¬ 
sult  is  often  benign  neglect,  with  the 
IT  staff  delaying  its  assessment  and 
implementation  of  requests  and  busi¬ 
ness  units  feeling  stifled  and  ignored. 

What’s  needed  is  “grass-roots  gover¬ 
nance,”  a  system  for  receiving  and  proc¬ 
essing  discretionary  work.  Here’s  how 
we  created  a  governance  structure  for 
eliminating  weak  and  unaligned  dis¬ 
cretionary  IT  projects  while  helping  to 
identify  and  implement  effective  ones.  - 

ELIMINATE  THE  OLD.  Our  requests  for 
discretionary  work  were  informal  and 
tended  to  evolve  through  a  series  of 

Continued,  on  page  44 
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Continued  from  page  42 
difficult  and  inefficient  meetings, 
phone  calls  and  e-mails.  There  was  no 
process  or  criteria  to  use  in  judging  re¬ 
quests,  and  business  customers  consid¬ 
ered  any  attempt  to  reject  one  or  lower 
a  request’s  priority  to  be  hostile. 

We  first  consolidated  all  requests 
and  solicited  any  pending  requests  that 
weren’t  yet  submitted.  Then  we  elimi¬ 
nated  about  a  third  of  them  because 
they  were  redundant,  outdated  or  irrel¬ 
evant.  This  created  a  starting  point  for 
both  IT  and  business  staffs. 

EXPLAIN  YOUR  REASONING.  The  business 
people  remembered  earlier  attempts  to 
rank  and  implement  technology  proj¬ 
ects,  and  those  memories  weren’t  good, 
partly  because  early  efforts  relied  ex¬ 
cessively  on  executive-level  communi¬ 
cations.  This  time,  we  targeted  our 
communications  to  the  people  request¬ 
ing  our  services  —  the  middle  manage¬ 
ment  and  staffs  of  the  business  units. 

We  explained  our  need  to  better  al¬ 
locate  time,  money  and  staff  and  our 
mutual  obligation  as  employees  to  en¬ 
sure  that  all  projects  aligned  with  com¬ 
pany  priorities.  To  get  a  consistent  set 
of  information  from  all  business  units, 
we  told  them  we  needed  to  implement 
a  new  process  and  would  require  a 
standard  form  for  all  submissions. 

KEEP  IT  SIMPLE.  We  designed  a  basic 
form  —  a  Word  document  laying  out 
the  minimum  information  we  needed  to 
objectively  evaluate  each  request.  (We 
later  migrated  this  to  an  online  system.) 
The  form  required  the  requester  to  ex¬ 
plain  how  the  project  would  increase 
revenue,  reduce  costs,  comply  with  the 
law  or  simplify  doing  business. 

SELL  IT.  Then  we  sold  the  benefits  of 
the  new  process  to  the  business  by 
making  the  following  points: 

■  It  would  become  the  standard  way  for 
business  people  to  submit  work,  eliminat¬ 
ing  their  confusion  and  frustration  over  not 
knowing  how  to  present  their  requests. 

■  It  would  save  both  groups  time  by  elimi¬ 
nating  the  meetings  and  e-mails  previous¬ 
ly  required  to  define  discretionary  work. 

■  It  would  provide  them  with  an  official  ac¬ 
knowledgment  that  IT  had  received  and  was 
considering  their  requests,  eliminating  the 
need  for  constant  follow-up  meetings  to  en¬ 
sure  that  their  projects  were  addressed. 

We  told  the  business  people  that  we 

needed  requests  for  all  work,  including 
projects  that  they  simply  assumed 
would  get  done.  This  process  forced 
the  business  side  to  recognize  the  work¬ 
load  impact  of  annual  projects  that 
were  previously  an  invisible  contribu¬ 


tion  by  IT,  like  generating  W-2  forms. 

MAKE  THEM  PARTICIPATE.  Making  busi¬ 
ness  staffers  write  their  own  work  re¬ 
quests  was  a  big  change.  We  explained 
that  this  wasn’t  an  attempt  to  dismiss 
their  needs  but  a  way  for  them  to  justi¬ 
fy  the  work  they  wanted  us  to  do.  Using 
a  form  also  made  them  define  the  prob¬ 
lem  instead  of  specifying  a  solution. 

To  assist  them,  we  created  seven 
general  categories,  or  queues,  called 
IT  Programs  and  appointed  a  project 
manager  as  a  single  point  of  contact 
for  each  one.  The  queues  are  broad 
enough  to  encompass  several  depart¬ 
ments.  For  example,  Finance  includes 
areas  like  budgeting,  accounts  payable 
and  accounts  receivable.  Associate 
Services  includes  human  resources, 
payroll  and  the  company  stock  plan. 
Having  this  queue  structure  allowed  us 
to  receive  and  process  work  in  a  more 
uniform  manner  without  creating  a 
fragmented  bureaucracy. 

ASSIGN  OWNERSHIP.  Each  project  man¬ 
ager  “owns”  a  queue  and  is  responsible 
for  receiving  and  managing  work  re¬ 
quests  as  well  as  leading  a  monthly 
meeting  with  the  business  people. 


During  the  meetings,  representatives 
of  the  business  staff  and  technical 
managers  from  IT  review  projects. 
They  look  at  the  pool  of  requests  and 
consider  factors  driving  each  one  from 
both  a  business  and  an  IT  perspective: 
internal  deadlines,  legal  changes,  re¬ 
source  availability  and  funding,  among 
others.  They  reference  budgets  and 
technical  road  maps  to  justify  the 
decision  to  implement  or  reject  the 
request.  In  almost  all  cases,  this  team 
decides  the  priority  of  each  request, 
seeking  management  guidance  only  on 
the  rare  occasions  when  it’s  needed. 

The  standing  agenda  includes  a  dis¬ 
cussion  of  future  needs  so  we  can  ad¬ 
just  staffing  plans  in  advance  instead  of 
reacting  to  unexpected  requests.  This 
also  allows  the  business  people  to  see 
the  effects  of  additional  work  on  cur¬ 
rent  priorities. 

TAKE  IT  ON  THE  ROAD.  We  introduced  the 
process  to  the  business  through  a  se¬ 
ries  of  presentations,  inviting  anyone 
who  might  ever  submit  a  request. 

We  explained  what  we  were  doing 
and  why  and  gave  a  step-by-step  ex¬ 
ample  of  how  to  complete  a  request. 
We  gave  them  our  start  date,  and  from 


that  date  forward,  we  accepted  only 
requests  made  with  the  new  form. 

MAINTAIN  THE  SYSTEM.  We  review  the 
project  list  in  our  weekly  IT  team 
meeting.  The  assigned  staffer  updates 
the  online  form  and  the  system  assigns 
it  a  status  of  “submitted.”  As  the  re¬ 
quest  moves  through  the  system,  the 
status  changes  automatically  until  the 
work  reaches  a  state  of  “completed”  or 
is  at  any  point  “rejected.”  It’s  important 
to  keep  the  information  current,  be¬ 
cause  an  outdated  status  damages  our 
credibility  with  the  business  units. 

FOLLOW  UP.  After  we  complete  a  discre¬ 
tionary  project,  we  send  a  survey  asking 
the  requester  to  rank  our  performance  in 
these  five  areas  on  a  scale  of  1  to  5: 

m  Were  you  satisfied  with  the  product/ 
service  delivered? 

«  Were  the  benefits/desired  outcomes 
achieved? 

■  Was  the  product/service  delivered 
on  schedule? 

■  Did  the  IT  team  member  demonstrate 
necessary  skills? 

•  Was  the  IT  team  a  professional  and 
effective  business  partner? 

We  also  include  a  text  field  to  allow 
responses  to  this  request:  “Please  de¬ 
scribe  what  the  IT  team  could  do  to 
improve  its  performance  in  delivering 
future  work  requests.” 

Results  from  this  survey  have  been 
overwhelmingly  positive  and  provide 
good  feedback  on  individual  perfor¬ 
mances.  They  have  made  previously 
unknown  IT  accomplishments  visible 
to  the  business  and  IT  management. 
They  are  proof  to  management  of  our 
improved  relationship  with  business 
units  and  the  improved  perception  of 
IT  value.  They  help  justify  the  time  re¬ 
quired  to  run  the  system,  and  the  acco¬ 
lades  give  the  IT  staff  a  morale  boost. 

ALLOW  THE  SYSTEM  TO  EVOLVE.  Over 
time,  we’ve  added  and  modified  field 
contents  to  make  the  system  more  ef¬ 
fective.  We’ve  experimented  with  nam¬ 
ing  conventions,  classifications  and 
rankings  as  part  of  a  continuing  effort 
to  better  identify  and  track  priorities. 
Some  changes  worked;  some  didn’t. 

We’re  still  trying.  We  haven’t  yet  found 
the  perfect  system  for  discretionary 
requests,  but  we  now  have  one  that 
works  pretty  well.  It  has  improved  our 
business  relationships,  our  reputation 
and  our  morale.  And  it  has  again  made  . 
the  middle  a  safe  place  to  be.  ©  55377 


Sullivan  is  an  IT  project  manager  at  The 
Reynolds  and  Reynolds  Co.  He  can  be 
reached  at  john_sullivan@reyrey.com. 


Don’t  have  a  long  debate  about  how  to  classify  your 
work  requests.  6et  fast  agreement  on  some  basic  infor¬ 
mation  and  get  started.  Terms  and  categories  can  evolve 
as  needed.  Here’s  a  list  of  what  we  require: 


HEADLINE: 

A  one-line  summary  of  the  requested  work  that  serves  as  its  title  -  for 
example,  “Add  Middle  Initial  to  Buyer  Name.”  Even  though  an  automat¬ 
ed  system  assigns  a  number  to  the  work  request,  this  field  becomes 
the  common  name  and  is  used  on  reports.  Hint:  Have  your  business 
people  write  the  description  (see  below)  before  they  write  the  headline: 
they  will  find  the  title  within  their  description. 

PRODUCT: 

A  broad  classification  for  the  area  in  which  the  work  occurs.  These 
already  existed  for  the  products  we  sell,  so  we  created  “INTSYS"  as 
a  global  category  for  our  internal  systems. 

APPLICATION: 

A  subset  of  the  product  category,  this  is  the  specific  area  in  need  of 
work.  It  might  be  Accounting  or  Finance.  Our  internal  systems  are 
all  handled  by  a  unit  called  the  Competency  Center,  so  we  created 
“C0MPCTR”  for  all  inside  applications. 

COMPONENT: 

A  more  detailed  subset  of  categories  for  our  internal  systems.  For  ex¬ 
ample,  work  for  our  SAP  system  can  be  subclassified  as  “SAP_AR 
(accounts  receivable)”  or  ”SAP_PAYR0LL.” 

SUBMITTER: 

The  person  making  the  request. 

DESCRIPTION: 

What  you  want  to  be  done.  “Fix  it”  isn't  a  specific  enough  description, 
so  in  our  “road  show”  we  suggested  starting  with  the  phrase  “ability 
to,”  as  in  “Ability  to  sort  by  product  number." 

BUSINESS 

JUSTIFICATION: 

Why  the  company  needs  this  work  done.  For  example,  “It  increases  sales, 
reduces  cost  and  improves  service.” 

YOU 

VS 

THE  25-HOUR  DAY 


IBM  MIDDLEWARE  HAS  AN  EASIER,  BETTER  WAY  TO  DO  BUSINESS.  IBM®  Workplace"1  solutions.  Everything  you  need  to  stay 
on  top  of  your  business  is  in  one  easy-to-use  environment.  It’s  a  breeze  to  use  because  it’s  based  on  your  role.  Work  more  effectively, 
productively'and,  yes,  quickly.  Plus,  it's  as  secure  as  it  is  reliable.  IBM  Workplace.  It’s  a  team  thing.  It’s  a  productivity  thing.  It’s  simply  a  better  way  to  work. 

TO  LEARN  MORE,  VISIT  IBM.COM/MIDDLEWARE/PRODUCTIVITY 


IBM  Workplace 
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LEAA:  rr  Doesn’t 
Look  Like  America 

Most  minorities  poorly  represented; 
women’s  presence  has  fallen  since  1996 


THE  PERCENTAGE  OF  WOMEN  and 

most  racial  minorities  in  the  U.S.  IT 
workforce  continues  to  lag  the  per¬ 
centages  of  the  national  workforce, 
according  to  a  study  released  last 
month  by  the  Information  Technology 
Association  of  America. 

According  to  the  ITAA  report,  “Un¬ 
tapped  Talent:  Diversity,  Competition 
and  America’s  High  Tech  Future,”  His- 
panics,  who  make  up  12.9%  of  the 
U.S.  workforce,  accounted  for  only 
6.4%  of  the  IT  workforce  in  2004.  The 
figure  represents  a  slight  increase  from 
5.3%  in  1996.  Blacks,  who  accounted 
for  10.7%  of  the  U.S.  workforce  in 
both  1996  and  2004,  have  more  pro¬ 
portional  representation  in  IT  than  His- 
panics,  at  8.3%.  But  that  was  a  de¬ 
cline  from  10%  of  the  IT  workforce  in 
2000.  However,  that  doesn’t  mean  the 
U.S.  IT  workforce  is  whiter  than  the 
overall  workforce:  There  are  6.6%  few¬ 
er  whites  in  the  IT  workforce  than  in  the 
overall  workforce.  One  of  the  greatest 
differences  between  the  IT  workforce 
and  the  country  as  a  whole  may  be  in 
representation  by  Asians.  They  account 
for  4.3%  of  the  general  U.S.  workforce 
but  12.1%  of  the  IT  workforce. 

Another  big  difference  is  the  per¬ 
centage  of  women.  In  2004,  according 
to  the  ITAA  study,  women  made  up 
32.4%  of  the  IT  workforce  in  the  U.S. 
That  represents  a  decline  from  a  high 


of  41%  in  1996.  In  the  overall  work¬ 
force,  the  percentage  of  women  rose 
slightly,  from  46%  to  46.5%.  The 
ITAA  attributed  the  decline,  in  large 
part,  to  the  fact  that  one  out  of  every 
three  women  in  the  IT  workforce  falls 
into  administrative  job  categories, 
which  have  shrunk  significantly  in 
recent  years. 

In  a  press  release,  ITAA  President 
Harris  N.  Miller  said  the  U.S.  “can  ill 
afford  to  miss  out  on  anyone  with  the 
right  aptitude,  skills  and  motivation  to 
succeed  in  technical  fields.”  To  in¬ 
crease  the  number  of  women  and  mi¬ 
norities  in  IT,  the  organization  called 
for  the  following: 


A  stronger 
commitment  from 
corporate  leadership. 

Increased  corporate  out¬ 
reach  and  mentoring. 

Stronger  partnerships 
between  companies  and 
colleges  and  universities. 

More-flexible  work 
arrangements  for  IT 
workers. 


Base:  Data  in  the  ITAA's  report  is  based 
on  the  U.S.  Bureau  of  Labor  Statistics' 
Current  Population  Surveys. 


ASK  A  PREMIER  100  IT  LEADER 


Jesus  V 


TITLE:  Vice 
president 
and  CIO 


. 

Keystone 

Automotive 

Industries 


Arriaga  is  this  month’s  guest 
Premier  100  IT  Leader,  answer¬ 
ing  a  reader’s  question  about 
landing  a  CIO  job.  If  you  have 
a  question  you’d  like  to  po  ;e  to 
one  of  our  Premier  30  IT  Lead¬ 
ers,  send  it  to  askaleader® 

and  watch 

for  this  column  each  month. 


I  have  a  bachelor  of  science  degree 
from  West  Point  and  a  master  of  sci¬ 
ence  degree  from  Johns  Hopkins.  I  left 
the  military  after  seven  years.  I  have 
been  a  Big  Five  consultant,  network 
security  engineer  and  software  devel¬ 
oper.  My  goal  is  to  become  a  CIO,  but  I 
don’t  have  anyone  to  advise  me  on  my 
next  move.  Any  suggestions?  The  day 
I  set  my  sights  on  the  CIO  position,  I  deter¬ 
mined  to  put  a  plan  in  place  toward  that 
goal.  What  I  can  offer  you  are  my  experi¬ 
ences  and  what  I  did  to  prepare  myself  for 
the  day  that  office  became  available  to  me. 

I  quickly  learned  that  to  be  an  effective 
CIO,  I  would  need  a  balanced  skill  set  in  both 
technical-  and  management-related  areas. 

I  had  the  technical  area  covered  because  I 
knew  I  was  strong  in  both  infrastructure  and 


software  engineering.  But  management 
skills  set  you  apart  as  a  candidate  for  the 
CIO  seat.  As  IT  people,  we  can  be  pigeon¬ 
holed  as  the  “computer  guy.”  Take  manage¬ 
ment  courses  and  read  books  on  manage¬ 
ment  and  leadership  principles.  You  can 
learn  a  lot  that  way. 

As  you  learn,  see  what  you  can  do  to  get 
involved  in  management-related  issues  at 
the  companies  you  work  for.  I  sought  out  op¬ 
portunities  to  participate  in  meetings  and 
discussions  outside  of  the  technical  arena. 
The  beauty  of  IT  is  that  we  touch  every  area 
of  an  organization.  Departments  and  busi¬ 
ness  unit  owners  need  IT  staff  involved 
to  assist  with  the  planning  and  decision¬ 
making  process.  Most  likely,  your  company’s 
department  manager,  director  or  CIO  is  al¬ 
ready  involved  at  this  level.  Offer  your  ser¬ 
vices  and  become  a  participant  in  these 
meetings  and  take  on  additional  duties  that 
will  allow  you  to  demonstrate  the  skills  you 
are  learning.  As  you  get  involved,  if  there  is 
something  you  don’t  understand,  don't  be 
afraid  to  ask  questions.  Participating  at  this 
level  helped  further  solidify  my  knowledge 
and  understanding  of  management  princi¬ 
ples.  I  also  started  to  get  a  better  under¬ 
standing  of  what  it  takes  to  run  a  company. 

Having  one  mentor,  or  more,  who  can 
help  guide  you  through  the  executive  man¬ 
agement  forest  is  also  an  important  part  of 
the  building  process.  Although  it’s  a  plus  if 
this  person  is  a  CIO,  what’s  important  is  that 
he  is  in  an  executive  management  role  with 
proven  experience  that  he  can  share.  If  you 
don't  know  anyone,  attend  computer  confer¬ 
ences  where  you  can  meet  CIOs.  Ask  them 
how  they  became  a  CIO.  You  might  be  sur¬ 
prised;  many  are  open  to  sharing  their  expe¬ 
riences  without  reservation.  One  or  more  of 
the  folks  you  meet  may  be  open  to  mentoring 
you,  even  if  it  means  just  being  available  to 
correspond  on  a  regular  basis.  ©  55230 


H  ring  Outlook 


is  reporting  significant  increases  in  job  postings  throughout  the 


technology  employment  market.  Since  the  beginning  of  the  year,  postings  on 
Dice.com  have  risen  26%  to  69,957.  Much  of  this  growth  can  be  attributed  to 
strong  gains  in  certain  metropolitan  areas:  Philadelphia  is  up  41%,  New  York 
38%,  Boston  36%  and  Dallas  35%. 

Requests  for  project  managers  have  also  shown  strong  growth  since  January, 
rising  42%  to  9,611  postings.  Demand  for  programming  skills  continues  to  grow 
this  year  as  well,  with  .Net  requests  increasing  52%,  HTML  38%  and  XML  37%. 
Meanwhile,  the  demand  for  | 


NUMBER  OF  CONTRACT  VS.  PERMANENT  POSITIONS  ON  OICE.COM  AS  OF  JUNE  1 
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How  much  of  your  stored  data  can  you  afford  to 


(Why  even  let  it  be  an  option?) 


CSS* 


HP  StorageWorks™  Ultrium  960 
External  SCSI  Tape  Drive 

•  Capacity:  400GB  native/80OGB  compressed' 

•  External  LTO-3  tape  drive 

•  High  capacity — meets  the  backup  storage  needs 
for  most  servers  with  a  single  data  cartridge 

•  Ultra  fast  performance — backup  more  data  in 
less  time  with  a  transfer  rate  of  1 60MBps 


Quantum  CLL  6400  LTO-3  Autoloader 

•  Single  LTO-3  drive  with  8  cartridge  slots 

•  Capacity:  3.2TB  native/6.4TB  compressed' 

•  Data  transfer  rate:  245GB  per  hour  native/490GB 
per  hour  compressed’ 

•  2U  Ultra-dense  rack  form 


Media  sold  separately 

Iomega  REV™  Autoloader  1000 

•  Provides  a  complete  backup  solution  that  includes 
enterprise-level  backup  and  disaster  recovery  software 

•  Capacity:  up  to  350GB  native/700GB  compressed 

•  No  cleaning  or  maintenance  required;  utilize  the 
full  10  disks  for  backing  up 

•  Rigid  disks  offer  virtually  unlimited  rewriteability 

•  Password  protect  confidential  data  and  encrypt 
your  backups 


$615964 


Quantum 


$7799 


D 

Iomega 


$179925 


COW  711647. 


The  Storage  Solutions  You  Need  When  You  Need  Them. 

We  don't  have  to  tell  you  that  data  loss  can  be  a  financial  blow  to  any  company.  And  with  more  data  being 
stored,  more  assets  are  at  stake.  CDW  has  a  full  line  of  top-name  storage  solutions  that  can  help  you  increase 
capacity  and  reduce  risk.  And  our  account  managers  have  the  expertise  to  ensure  you  get  the  right  solution  for 
your  needs.  So  you  don't  just  get  secure  storage,  you  get  peace  of  mind. 


Assumes  2:1  compression  ratio.  Offer  subject  to  CDW's  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  ©  2005  CDW  Corporation 
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The  Right  Technology.  Right  Away 
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EXEC  TRACK 


Vielehr  Tapped  for 
CIO  Post  at  D&B 

Global  information  provider  The 
Dun  &  Bradstreet  Corp.  has 
named  BYRON  C.  VIELEHR  CIO. 
Vielehr  joins  the  Short  Hills,  N.J.- 
based  company  from  NorthStar 
Systems  International  Inc.,  where 
he  served  as  president  and  chief 
operating  officer.  Previously, 
Vielehr  served  as  chief  technolo¬ 
gy  officer  in  the  private  client 
group  at  Merrill  Lynch  &  Co.,  and 
earlier  he  was  CTO  and  global 
head  of  e-business  for  Merrill 
Lynch  Investment  Managers. 


Spratt  Named 
CIO  at  McKesson 

McKesson  Corp.,  a  health  care 
services  and  IT  company  in  San 
Francisco,  has  appointed  RAN¬ 
DALL  N.  SPRATT  CIO.  Spratt  re¬ 
places  Cheryl  T.  Smith,  who  left 
the  company  in  May.  He  will  re¬ 
port  to  Chairman  and  CEO  John 
H.  Hammergren  and  will  serve  on 
McKesson’s  executive  committee. 
Spratt  has  been  with  McKesson 
for  more  than  18  years,  most  re¬ 
cently  as  chief  process  officer  for 
McKesson  Provider  Technologies, 
the  company’s  medical  software 
and  services  division. 


Pieroni  CIO  at  Aon 

Chicago-based  Aon  Corp.,  a  pro¬ 
vider  of  risk  management  ser¬ 
vices  and  insurance,  announced 
the  appointment  of  BILL  PIERONI 
as  global  CIO.  Pieroni  joined  Aon 
from  IBM,  where  he  was  head  of 
the  global  insurance  industry 
practice. 


Hiniker  Appointed 
CTO  at  Quepasa 

Quepasa  Corp.,  a  Phoenix-based 
provider  of  online  products  and 
services  to  Hispanic  and  Latino 
users,  has  named  AARON  HINIKER 
CTO.  Hiniker  will  lead  Quepasa’s 
technology  group  as  well  as  its 
near-shore  development  capabili¬ 
ties,  which  are  provided  via  whol¬ 
ly  owned  subsidiary  Quepasa.com 
de  Mexico  SA. 


BART  PERKINS 


A  Separate  IT  Capital 
Pool  Makes  No  Sense 


Many  corporations  separate  the 

allocation  of  IT  capital  from  the  proc¬ 
ess  that  allocates  corporate  capital  in 
general.  This  approach  is  misguided. 
Corporations  don’t  have  IT  capital  and 
non-IT  capital.  Capital  should  be  allocated  to  the  pro¬ 
grams  or  projects  with  the  highest  return  to  the  corpo¬ 
ration  (with  obvious  exceptions,  such  as  regulatory 
compliance  and  not-for-profit  endeavors). 


Uvwra8«Partners.c 


All  capital  allocations 
should  come  from  a  single 
pool.  This  approach  allo¬ 
cates  capital  more  effective¬ 
ly.  It  facilitates  portfolio 
management  by  evaluating 
all  proposed  projects  to¬ 
gether.  It  allows  the  compa¬ 
ny  to  allocate  capital  in  ac¬ 
cordance  with  corporate 
strategy  while  balancing 
risk  and  skills  across  the  en¬ 
terprise.  A  single  pool  of 
capital  will  also  accomplish 
the  following: 

■  Establish  corporate  priori¬ 
ties.  Wrestling  with  a  single 
pool  of  capital  forces  the  ex¬ 
ecutive  team  to  discuss  and 
agree  on  corporate  business 
priorities.  This  can  help  you  avoid  a  sit¬ 
uation  like  the  one  a  retail  client  of  mine 
found  itself  in.  The  company  had  sepa¬ 
rated  IT  investments  from  corporate 
funding  for  new-store  construction. 

The  committee  approving  store  fund¬ 
ing  never  considered  IT  projects  as  al¬ 
ternate  investment  opportunities.  As  a 
result,  the  client  failed  to  invest  in  sev¬ 
eral  IT  projects  that  would  have  had  a 
higher  return  than  building  new  stores. 

■  Facilitate  risk  management.  High- 
return  programs  are  often  very  risky, 
and  most  companies  have  a  limit  on  the 
level  of  risk  they’re  willing  to  undertake 
at  once.  They  may  choose  to  defer  some 
high-return  programs  if  the  overall  risk 
profile  gets  too  high.  A  single  pool  of 
capital  makes  that  easier  to  gauge. 


baht  per«ins  is  manag¬ 
ing  partner  at  Louisville, 
Kv  -based  Leverage  Part¬ 
ners  Inc.,  which  helps 
organizations  Invest  well 
in  IT.  He  was  previously 
CIO  at  Tricon  Global 
,  Restaurants  Inc.  and 
Dole  Food  Co. " 
him  at 


■  Exhibit  fiduciary  responsibil¬ 
ity.  Shareholders  expect 
companies  to  invest  their 
capital  where  it  will  pro¬ 
vide  the  highest  return, 
regardless  of  arbitrary  cor¬ 
porate  divisions  or  internal 
politics. 

■  Improve  the  quality  of  busi¬ 
ness  cases  across  the  corpora¬ 
tion.  Allocating  capital  from 
a  single  pool  provides  con¬ 
sistent  criteria  for  evaluat¬ 
ing  programs  and  making 
trade-offs.  Each  business 
case  must  be  robust  enough 
to  withstand  scrutiny  at  the 
corporate  level.  This  forces 
all  programs  to  be  better 
defined,  planned  and  esti¬ 
mated  [QuickLink  54603]. 

■  Involve  IT  early  in  the  project  life  cycle. 
Having  a  single  pool  of  capital  helps 
prevent  IT  from  being  excluded  from 
“business”  projects.  One  company  built 
a  number  of  new  manufacturing  plants, 
each  with  a  different  IT  base.  Since  new 
plants  weren’t  considered  IT  projects, 
the  IT  organization  wasn’t  involved  un¬ 
til  construction  of  the  plants  was  well 
under  way.  IT  never  had  the  opportuni¬ 
ty  to  suggest  a  common  platform  for 
the  manufacturing  systems.  As  a  result, 
the  company  was  left  with  a  chaotic 
and  unsupportable  IT  infrastructure. 
This  unnecessary  and  expensive  mis¬ 
take  could  have  been  prevented  if  IT 
had  been  part  of  the  capital  allocation 
process. 


■  Help  demonstrate  IT's  value  to  business 
initiatives.  Virtually  every  IT  project  is 
really  a  business  program  with  an  IT 
component.  Even  most  infrastructure 
projects  are  really  undertaken  to  im¬ 
prove  the  support  provided  to  the  busi¬ 
ness  as  a  whole.  Funding  from  a  single 
pool  of  capital  clearly  demonstrates 
that  IT  support  is  integral  to  the  busi¬ 
ness.  (This  is  especially  useful  at  com¬ 
panies  that  don’t  value  IT’s  contribu¬ 
tion  appropriately.) 

■  Change  the  CIO’s  role  in  the  funding 
process.  With  one  capital  pool,  the  CIO 
should  no  longer  be  the  only  voice  ar¬ 
guing  for  IT  funding.  In  most  cases,  the 
justification  should  fall  to  the  executive 
sponsor  of  the  corresponding  business 
initiative.  Similarly,  many  CIOs  current¬ 
ly  run  the  allocation  process  for  IT  cap¬ 
ital.  With  a  single  pool  of  capital,  the 
executive  who  oversees  corporate  capi¬ 
tal  allocations,  typically  the  CFO,  will 
manage  the  entire  allocation  process. 

(In  companies  with  difficult  political 
situations,  an  outside  consultant  may 
be  hired  to  establish  the  new  allocation 
process  and  ensure  that  it’s  impartial.) 

■  Remove  arbitrary  limits  on  IT  capital. 
When  the  capital  pool  available  to 
IT  becomes  the  entire  capital  pool  of 
the  corporation,  specific  limits  on  IT 
capital  are  essentially  eliminated.  In 
theory,  as  long  as  the  proposed  pro¬ 
grams  will  generate  a  high  enough  risk- 
adjusted  return,  the  corporation  should 
fund  them  even  if  it  has  to  borrow  the 
capital. 

A  single  pool  of  capital  ensures  that 
IT  program  funding  is  based  on  busi¬ 
ness  benefits,  not  technical  merits.  This 
approach  will  provide  better  IT  support 
for  your  company’s  business  initiatives, 
so  persevere  beyond  the  politics  and 
push-back.  Funding  from  a  single  pool 
of  capital  will  leverage  your  company’s  - 
available  capital  resources  to  provide 
the  best  possible  return.  ©  55114 
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Get  na  1  A  out  Storage 

This  new  report  offers  practical 
advice  about  saving  money,  protecting 
data  ;  id  implementing  information 
life-cycle  management. 

store.computerworld.com/re  rage01.htm 


Last  one  on  board  the  IT  train 


Television  is. 

■  Bandwidth  intensive 

•  Extremely  latency  sensitive 

■  CPU  cycle  hog 
Extremely  risk  averse 

•  Super  Bowl  spot  >  $2,000,000 

•  Buy  automation  operate  it  manually!  n 
Lagging  in  the  leveraging  of  IT  technology 


tlkau-ied  150Kbps  5  38/28  01 


Spoakor: 

Andre  Mandats,  Chief  Technology 
Integration  Officer.  PBS 

Venue: 

Storage  Networking  World. 

Ap#a  6. 2004.  Phoenix,  Arizona 
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Webcast 


Storage  -  Optimizing  Public 
Televison’s  Content  Supply  Chain 

In  this  webcast  from  Storage  Networking 
Wo  Id,  Andre  Mendes  of  PBS  discusses 
some  of  his  organization’s  unique  storage, 
distribution  and  delivery  issues. 

www.computerworld.com/webcast01 


THE  VOICE  OF  IT  MANAGEMENT  ))) 


C9MPUTERW0RLD 

OIWIEMAHD 

Optimizing  Public  Television’s 
Content  Supply  Chain 

Omnisoft,  Inc., 

We  are  looking  for  the  following 
position  in  any  of  the  skills. 
Technical  Services  Managers/ 
Data  Processing  Manager: 
Direct  daily  operations  of  depart¬ 
ment,  analyze  workflow,  estab¬ 
lish  priorities.  Develop  computer 
information  resources,  provide 
data  security  and  control,  strate¬ 
gic  computing,  and  disaster 
recovery.  Knowledge  in  ERP 
packages  using  SAP,  EDI, 
Workflow,  Business  Connector, 
.NET,  Business  Objects, 
PeopleSoft,  PeopleTools  pro¬ 
grams  using  ASP,  DB2, 
SQL/Oracle,  UNIX/NT.  Req. 
M.S.  in  Comp.  Science  or  Engg. 
&  lyr  of  exp,  or  B.S.  in  Comp. 
Science  or  Engg.  +5  yrs  of  exp. 
Software  Engineers:  Research, 
design,  develop,  test,  &  recom¬ 
mend  software  requirements  for 
E-commerce  database  applica¬ 
tions.  Use  Oracle,  Java,  Perl, 
XML,  Solaris,  Web  logic,  C++  & 
current  Web  Technologies  in 
Windows,  Unix,  and  Linux  envi¬ 
ronments.  Need  B.S.  in  Comp. 
Science  or  Engg.  or  related  and 
2  yrs  of  exp. 

Programmer  Analysts:  Design  & 
develop  Enterprise  Resource 
Planning,  Customer  Relation¬ 
ship  Management,  ASP, 
Datawarehouse  applications. 
Use  current  web  technologies, 
web  services,  Stored  proce¬ 
dures  and  SQL.  Work  in  Unix 
Environment  and  Unix  Schell 
Scripting.  Need  2  yrs  of  exp. 
Send  resume  to:  HR  Manager, 
Omnisoft,  Inc.,  930  Mason  St., 
Dearborn,  Ml  48124  or  via  e- 
mail  at:  sreenivas@omnisoft- 
inc.net 

Subhashini 

Software  Solutions,  Inc. 

We  are  looking  for  the  following 
position  in  any  of  the  skills. 
Technical  Services  Managers/ 
Data  Processing  Manager: 
Direct  daily  operations  of  depart¬ 
ment,  analyze  workflow,  estab¬ 
lish  priorities.  Develop  computer 
information  resources,  provide 
data  security  and  control,  strate¬ 
gic  computing,  and  disaster 
recovery.  Knowledge  in  ERP 
packages  using  SAP,  EDI, 
Workflow,  Business  Connector, 
.NET,  Business  Objects,  People- 
Soft,  PeopleTools  programs 
using  ASP,  DB2,  SQL/Oracle, 
UNIX/NT.  Req.  M.S.  in  Comp. 
Science  or  Engg.  &  lyr  of  exp, 
or  B.S.  in  Comp.  Science  or 
Engg.  +5  yrs  of  exp. 

Systems  Analysts:  Research, 
design,  develop,  test,  &  recom¬ 
mend  software  requirements  for 
E-commerce  database  applica¬ 
tions.  Use  Oracle,  Java,  Perl, 
XML,  Solaris,  Web  logic,  C++  & 
current  Web  Technologies  in 
Windows,  Unix,  and  Linux  envi¬ 
ronments.  Need  B.S.  in  Comp. 
Science  or  Engg.  or  related  and 
2  yrs  of  exp. 

Programmer  Analysts:  Design  & 
develop  Enterprise  Resource 
Planning,  Customer  Relation¬ 
ship  Management,  ASP, 
Datawarehouse  applications. 
Use  current  web  technologies, 
web  services,  Stored  proce¬ 
dures  and  SQL.  Work  in  Unix 
Environment  and  Unix  Schell 
Scripting.  Need  2  yrs  of  exp. 
Send  resume  to:  HR  Manager, 
Subhashini  Software  Solutions, 
Inc.  930  Mason  St.,  Dearborn, 
Ml  48124  or  via  e-mail  at: 
sreenivas@subhashinisoft- 
ware.net 

Integ  Enterprise  Consulting,  Inc. 
seeks  System  Analyst  in  our 
Newark,  NJIocUnder  close 
supervision:  Design/develop 

software  applications,  graphical 
user  interfaces  etc.  Administer, 
manage  &  support  Windows  NT/ 
2000  based  networks,  database 
systems,  web  servers,  email 
servers,  data  collection  systems 
etc.  Instali/configure/support 
common  application  &  network¬ 
ing  software,  computer  hard¬ 
ware,  operating  systems, 
peripherals  etc.  Knowledge  of 
developing  applications  and 
graphical  user  interface  using 
VB,  ASP,  configuring  and  sup¬ 
porting  Windows  NT/  2000 
based  networks,  database  man¬ 
agement  systems,  MS  SQL 
Server,  SQL,  queries,  views, 
and  stored  procedures.  Install, 
configure  and  support  common 
application  software.  Must  have 
MCSE,  Bachelor's  degree  in 
Computer  Information  Systems 
or  related  field,  and  two  years 
relevant  experience.  Resume  to 
Aida  Malik,  Integ  Enterprise 
Consulting,  Inc.,  38  East  Park 
St.,  NewarkNJ07102. 

Hibachi  Chef  (Toms 
River):  Prepare,  sea¬ 
son,  and  cook,  hibachi 
dishes  such  as  veg¬ 
etable,  meats  &  sea¬ 
foods  acdg.  To  recipes 
or/per  cust.  Order, 
demonstrate  cooking 
technique  to  the  cus¬ 
tomer  $21.56  pr/hr. 
2yrs  exp.  Fax  Res. 
(732)  281-1233  Attn: 
Patrick  Chu. 

SALES  SPPT  ENG'G 

Sell  CTI  products  to 

customers.  Req'd:  5 

yrs  exp.  in  job.  Resum¬ 
es:  NICE  Systems  Inc. 

301  Route  17  North, 

10th  Floor,  Rutherford, 

NJ  07070.  Attn.  G. 

Farese,  Ref  14. 

Business  Application  Spe¬ 
cialist  needed  in  Jackson¬ 
ville,  FL.  Bachelors  in 
Information  Technology  or 
related  field  plus  2  years 
experience  required.  Fax 
resume  Attn:  H.  Ricker  at 
(904)  928-8783  or  mail  to 
International  Paper  Attn: 
H.  Ricker  4600  Touchton 
Rd.  East,  Bldg  100,  Suite 
500,  Jacksonville,  FL 
32246. 

Computer  Software 
Engineer  w/exp.  in 
designing  question¬ 
naire  software  sys¬ 
tems.  To  work  in 
Chamblee,  GA.  Send 
resume  to  Michelle 
Lehtonen,  SAIC,  1710 
SAIC  Drive,  MST  1-2- 
1,  McLean,  VA22102. 
Must  ref  job  code 
GW1 20392. 

RSCH  &  DEV.  MGR 
-  Mge  comp,  tech¬ 
nology  use  w/  em¬ 
phasis  on  rsch  & 
devlp  new  products. 
Req'd:  4  yrs.  exp. 
Structured  Web,  Inc. 
110  B  Meadowlands 
Parkway,  Secaucus, 
NJ  07084  Attn:  D. 
Nissan. 

Programmer  Analyst  need¬ 
ed  w/2  yrs  exp  to  design, 
develop  &  maintain  client/ 
server  &  n-tier  based  applic. 
using  Delphi,  Object  Pas¬ 
cal,  C,  C#,  COM/DCOM, 
COM+,  XML,  SOAP,  T-SQL 
&  Sybase  SQL  Anywhere. 
Mail  resumes  to:  Triple 
Point  Tech.,  Inc.,  301  River¬ 
side  Ave.,  Westport,  CT 
06880.  Job  Loc:  Westport, 
CT  or  in  any  unanticipated 
locations  in  U.S.A. 

Computer  Professional  NY  bas¬ 
ed  IT  firm,  Jr.  Level  Positions 
Programmer  Analysts,  Software 
Engineers,  Systems  Analysts, 
Database  Administrators  to  De¬ 
velop,  create,  and  modify  gener¬ 
al  computer  applications  soft¬ 
ware  or  specialized  utility  pro¬ 
grams.  Analyze  user  needs  and 
develop  software  solutions. 

Sr.  Level  Position,  IT  Manager, 
MIS  Manager,  ITS  Director 
needed  to  Plan,  direct,  or  coordi¬ 
nate  activities  in  such  fields  as 
electronic  data  processing,  infor¬ 
mation  systems,  systems  analy¬ 
sis,  and  computer  programming. 
Apply  with  2  copies  of  resume  to 
H.R.D,  Jean  Martin,  Inc.  551 
Fifth  Avenue  14th  FI.  New  York, 
NY  10176. 

IMP.  ENG'G 

Dsgn,  implement,  & 
test  CTI  products  at 
client  sites.  Req'd:  BS 
&  3  yrs.  experience. 
Willingness  to  travel 
80%  of  time.  Resumes: 
Nice  Systems,  301 
Route  17  North,  10th 
Floor,  Rutherford,  NJ 
07070.  Attn:  G.  Farese, 
Ref  13. 

Systems  Analyst  needed  w / 
Bach  or  foreign  equiv.  in  Comp. 
Sci.  or  engg  or  math  &  1  yr  exp 
to  dsgn,  dev,  test  &  implmt 
Oracle  Applic  ERP  &  CRM. 
Analyze  user  reqmts  to  auto¬ 
mate  &  improve  comp  systm  to 
Oracle  ERP  &  CRM.  Dsgn.  dev 
&  deploy  customizations  using 
Oracle  Jdvlpr  Perform  conver¬ 
sion  of  data  into  Oracle  applic. 
using  SQL  Loader,  Data  Loader 
on  Win  2000,  HP-UX,  Sun 
Solaris  platforms.  Res  to: 
Optima  Technology  Partners, 
Inc.,  9  Mount  Pleasant  Tpke,  Ste 
103,  Denville,  NJ  07834.  Job 
loc:  Denville,  NJ  or  any  unantici¬ 
pated  Iocs  in  US. 

Systems  Analysts 

Design,  develop  &  imple¬ 
ment  Oracle  ERP/MFG/ 
CRM/PROJECTS  appli¬ 
cations  on  Oracle  data¬ 
bases.  Req.  2  yrs  of  exp. 
Send  resume  to:  Tech¬ 
nosol  Technologies  LLC, 
H.R,  2606  Peninsulas  Dr. 
Missouri  City,  TX  77459 
or  email:  technosolf® 

technosoltech.com. 

DCSE,  Inc.,  located  in  Aliso 
Viejo,  CA,  seeks  a  Software 
Engineer.  The  position  re¬ 
quires  a  Masters  Degree  in 
Computer  Science  or  Com¬ 
puter  Engineering  and  6 
months  experience  in  Oper¬ 
ations  Analysis,  Program¬ 
ming  and  ArcIMS  Program¬ 
ming.  Fax  resumes  to 
Masoud  Hoseyni,  VP/CFO 
at  949-586-8141  or  mail 
resumes  to:  DCSE,  Inc.,  95 
Argonaut  #  260,  Aliso  Viejo, 
CA  92656  Attn:  Masoud 
Hoseyni. 


Technology  Management  Con¬ 
cepts,  located  in  Los  Angeles, 
CA,  seeks  a  Systems  Analyst 
Consultant.  The  position  re¬ 
quires  a  Masters  Degree  in 
Management  of  Information 
Systems  and  2  years  experi¬ 
ence  in  Complex  Problem 
Solving,  Troubleshooting  and 
Monitoring.  Fax  resumes  to 
Jennifer  Harris,  Director  of 
Consulting  at  310-559-7675  or 
mail  resumes  to:  Technology 
Management  Concepts,  3000 
S.  Robertson  Blvd.,  Suite  250, 
Los  Angeles,  CA  90034,  Attn: 
Jennifer  Harris. 


Computer  -  E4Site  Inc, 
located  in  Torrance,  CA. 
seeks  a  Programmer  An¬ 
alyst.  The  position  requires  a 
Bachelor's  Degree  in  Com¬ 
puter  Information  Systems 
or  equivalent  and  1  year  of 
experience  in  Programming, 
Complex  problem  Solving 
and  Technology  Design.  Fax 
resumes  to  Manoj  Narang, 
Resources  manager  at  310- 
326-6589  or  mail  resumes  to 
E4Site  Inc,  1601  Lockness 
Place,  Torrance  CA  90501 
Attn  -  Manoj  Narang. 


Software  Engineer:  Distribution 
Systems  Technology  (DST), 
Inc.,  located  in  Mission  Viejo, 
CA,  seeks  Software  Engineers. 
The  positions  require  a  Masters 
Degree  in  Computer  Aided 
Engineering  or  Computer 
Science  and  1  year  experience 
in  Operations  Analysis,  Data¬ 
base  Programming  and  Sys¬ 
tems  Analysis.  Fax  resumes  to 
Marian  Hetrick,  Administrative 
Assistant  at  949-770-3292  or 
mail  resumes  to:  DST,  Inc., 
25909  Pala,  Suite  250,  Mission 
Viejo,  CA  92691,  Attn:  Marian 
Hetrick. 


ShellSoft  seeks  IT  professionals 
(DBA,  system  analysts,  software 
engineers),  project  engineers 
using  Oracle,  SAP,  SQL,  Java, 
C/C++.  Min  requirement  is  MS/ 
BS  with  IT  experience.  Competi¬ 
tive  wage.  Some  positions  requi¬ 
re  travel.  Please  send  resume  to 
iobs@shellsoftinc.com.  EOE. 

RGP,  Inc./dba  Quality  Team  1 
seeks  MIS  manager  (Highland 
Park,  Michigan)  to  design,  mon¬ 
itor  &  manage  MIS  (manage¬ 
ment  information  system)  devel¬ 
opment  using  RDBMS.  Must 
have  minimum  MBA  or  MIS 
degree  with  1-yr  exp  in  related 
field.  Send  resumes  to 
info@ateam1  .com.  EOE. 


Ads 

Placed 

Weekly 


Didn’t  find  the 


Computer  &  Informa¬ 
tion  Research  Scien¬ 
tist  to  work  in  IT  labo¬ 
ratory  setting.  Digital 
imaging  and  printing 
experience  a  must. 
Send  resume  to  Patri¬ 
cia  Schoof,  Shutterfly, 
Inc.,  2800  Bridge  Park¬ 
way,  Redwood  City, 
CA  94065.  Must  refer¬ 
ence  job  code  #CIRS. 
EOE. 


IndusRAD  (Peoria,  IL)  seeks 
engineers  &  IT  staff  to  design  & 
develop  application  software  for 
advanced  diesel  engine  using 
ANSI  C  program.  Write  test  plan 
&  procedures.  Must  have  MS  or 
BS  with  exp.  Good  wage  with 
benefits.  Please  send  resume  to 
info@indusrad.com.  EOE. 

Software  engineer,  system  ana¬ 
lyst,  DBA  wanted  by  Deligent 
LLC  to  develop  applications 
using  Oracle,  SQL,  VB,  Java, 
C/C++,  SAP,  AS/400,  Developer 
2000,  Windows  NT.  Minimum  is 
MS  or  BS  with  IT  experience. 
Travel  maybe  required.  Compe¬ 
titive  wage  with  benefits.  Apply 
at  iobs@deliaent.net.  EOE. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Employment  Professionals 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing  legal 
or  immigration  advertisements? 

Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming  task  a 
little  easier : 


Contact: 

800-762-2977 


www.computerworldcareers.com 


IT  Career 
Opportunity 
you  were 
looking  for? 

iiiiii 

Check  back 
weekly  for 
fresh  job  listings 

placed  by 
top  companies 
looking  for  skilled 
IT  professionals 
like  you! 


iT|careers 

800-762-2977 
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Licensing  Principles 

Americans  for  Fair  Electronic  Commerce  Transactions  has  developed  a  list  of  12 
principles  it  believes  should  govern  licensing  contract  terms.  Among  them  are: 


Continued  from  page  1 

UCITA 

cerned  about  it,”  said  Kinstlick, 
who  maintained  that  stopping 
UCITA  wasn’t  enough. 

“If  there  is  a  void  and  UCITA 
is  the  only  thing  to  take  the 
place  of  the  void,  this  could 
end  up  being  the  model  al¬ 
most  by  default  rather  than 
choice,”  she  said. 

UCITA  is  a  software  licens¬ 
ing  law  that  specifies  terms 
and  conditions  for  licensing 
contracts.  Under  the  act,  un¬ 
less  the  parties  agree  other¬ 
wise,  the  default  terms  apply. 

Its  supporters  argued  that 
UCITA  would  provide  a  legal 
framework  for  online  com¬ 
merce.  Opponents  said  the  de¬ 
fault  rules  favored  vendors 
and  created  potential  perils 
for  corporate  users,  such  as  al¬ 
lowing  vendors  to  knowingly 
ship  defective  products. 

Virginia  approved  the  law 
in  2000,  and  Maryland  quickly 
followed.  But  opponents  — 
especially  those  in  the  finan¬ 
cial  services  industry  —  joined 
the  state-by-state  battle  to 
block  further  adoptions. 

In  August  2003,  the  law’s 
legislative  sponsor,  the  Chica¬ 
go-based  National  Conference 
of  Commissioners  on  Uniform 
State  Laws  (NCCUSL),  sus¬ 
pended  efforts  to  win  state 
adoption. 

Alternative  Options 

But  UCITA  can  still  be  used 
as  a  contract  model,  said  Jean 
Braucher,  a  University  of  Ari¬ 
zona  law  professor  who  is 
working  with  Americans  for 
Fair  Electronic  Commerce 
Transactions  (AFFECT)  to  de¬ 
velop  a  model  bill.  “Eventual¬ 
ly,  we  need  an  alternative,” 
she  said. 

The  model  bill  will  be  based 
on  a  set  of  principles  AFFECT 
developed  earlier  this  year. 

For  instance,  UCITA  all  but 
barred  any  type  of  reverse¬ 
engineering  of  a  software 
product.  But  AFFECT  argues 
in  its  principles  that  “sellers 


marketing  to  the  general  pub¬ 
lic  should  not  prohibit  lawful 
study  of  a  product,  including 
taking  apart  the  product.” 

AFFECT’S  effort  has  drawn 
the  interest  of  the  Chicago- 
based  Society  for  Information 
Management,  an  organization 
of  nearly  3,000  IT  profession¬ 
als.  Phil  Zwieg,  a  SIM  vice 
president,  said  AFFECT’S  ef¬ 
forts  will  be  particularly  help¬ 
ful  to  smaller  companies  that 
don’t  have  the  clout  or  legal 
staff  to  negotiate  a  licensing 
contract. 

AFFECT  hasn’t  decided  on 
its  next  step  or  whether  it  will 
muster  a  lobbying  effort  to 
push  for  state-by-state  adop¬ 
tion  of  its  model  bill. 


Concerns  linger 
about  untested 
handheld  tools 

BY  JAIKUMAR  VIJAYAN 

Companies  looking  to  protect 
data  on  mobile  client  devices 
such  as  notebooks,  handheld 
devices  and  smart  phones 
are  getting  more  options  to 
choose  from. 

Last  week,  Trust  Digital 
Inc.,  a  McLean,  Va.-based  ven¬ 
dor  of  mobile  security  soft¬ 
ware,  released  a  new  version 
of  its  technology  that’s  de¬ 
signed  to  allow  security  ad¬ 
ministrators  to  extend  and 
enforce  access-control  and 
encryption  policies  on  mobile 
devices. 

There  are  several  compo¬ 
nents  to  the  company’s  new 
Trust  Digital  2005  software. 
One  feature  allows  systems 
administrators  to  control  ac¬ 
cess  to  ports  such  as  Universal 
Serial  Bus  (USB),  FireWire 
and  Bluetooth.  The  software 
also  lets  administrators  ensure 
that  critical  information  is 
encrypted  when  it’s  trans¬ 
ferred  to  removable  media 
such  as  USB  thumb  drives 
and  writable  CDs. 


■  Ensuring  that  customers  are 
not  bound  by  terms  simply  be¬ 
cause  they  visit  a  Web  site  or 
open  a  box  containing  a  product. 

■  Making  customers  aware  of 
nontrivial  defects. 


Regardless,  Cem  Kaner,  a 
software  engineering  profes¬ 
sor  at  the  Florida  Institute  of 
Technology  in  Melbourne  and 
a  longtime  critic  of  vendors’ 
software  licensing  practices, 
said  that  for  corporate  users, 
the  licensing  model  “is 


Trust  Digital’s  tool  is  one  of 
a  small  but  growing  number 
of  products  designed  to  give 
companies  a  way  to  protect 
data  on  mobile  clients.  Anoth¬ 
er  vendor,  Addison,  Texas- 
based  Credant  Technologies 
Inc.,  ships  a  product  that’s 
nearly  identical  to  Trust  Digi¬ 
tal’s  tool.  And  PC  Guardian 
Technologies  Inc.  in  San 
Rafael,  Calif.,  offers  a  technol¬ 
ogy  that  allows  companies  to 
encrypt  e-mail  and  data  on 
mobile  computers,  desktops, 
handhelds  and  removable 
storage  devices. 

Critical  Appeal 

The  appeal  of  such  technolo¬ 
gies  is  that  they  allow  security 
policies  to  be  extended  and 
enforced  on  mobile  products 
at  a  time  when  a  growing 
amount  of  critical  data  is  be¬ 
ing  stored  on  such  devices, 
said  Randy  Maib,  senior  IT 
consultant  at  Integris  Health 
Inc.  in  Oklahoma  City. 

As  part  of  its  effort  to  com¬ 
ply  with  the  Health  Insurance 
Portability  and  Accountability 
Act,  Integris  is  using  a  tool 
from  Credant  to  protect  data 
on  mobile  devices  “by  forcing 
authentication  and  encrypting 


■  Providing  refunds  when  product 
is  not  “of  reasonable  quality.” 

■  Barring  “self-help”  or 
repossession  by  remotely 
disabling  a  digital  product. 


a  reference  point,  a  basis  for 
speaking  in  negotiations,  for 
objecting  to  terms,  for  saying 
that  I  have  a  standard  form 
to  follow.” 

Kaner  noted  that  UCITA  re¬ 
mains  influential.  It  has  been 
taught  in  law  schools  and  is  al- 


data,”  he  said.  “A  secondary 
goal  was  to  discover  how 
many  mobile  devices  were  be¬ 
ing  used  in  our  environment.” 

The  Credant  product  is  de¬ 
ployed  on  more  than  2,300 
computers  used  by  Integris 
workers,  and  the  goal  is  to 
have  it  on  all  5,000  desktops 
and  mobile  devices  by  the  end 
of  this  year,  Maib  said. 

PepsiAmericas  Inc.,  a 
Rolling  Meadows,  Ill.-based 
bottler  that  is  partly  owned  by 
PepsiCo  Inc.,  is  using  the 
Trust  Digital  product  to  pro¬ 
tect  data  on  over  300  hand¬ 
held  devices  used  by  its  sales 
staff  in  Central  Europe. 

The  technology  lets  Pepsi 
encrypt  sensitive  information 
on  the  handhelds  and  control 
what  users  can  do  with  the  de¬ 
vices,  said  Laszlo  Kovari,  a 
PepsiAmericas  information 
security  manager  in  Budapest. 

“My  idea  was  to  extend  the 
same  level  of  protection  that 
we  provide  for  laptops  and 
PCs  to  PDAs  as  well.  From  a 
pure  security  standpoint,  it 
provides  for  confidentiality 
and  integrity  of  the  data  on 
the  devices,”  Kovari  said. 

The  $2.5  billion  CUNA  Mu¬ 
tual  Group  in  Madison,  Wis., 


ready  influencing  court  opin¬ 
ions,  even  if  it  isn’t  cited  by 
name,  he  said. 

But  John  McCabe,  legis¬ 
lative  and  legal  director  of  the 
NCCUSL,  said  he  doubts  that 
UCITA  will  have  much  influ¬ 
ence  on  the  courts.  “The  im¬ 
pact  of  proposed  legislation 
like  uniform  acts  on  the  case 
law  is  highly  problematic,”  he 
said.  The  courts  will  put  em¬ 
phasis  on  prior  cases,  not  on 
statutes  that  haven’t  been 
adopted,  McCabe  said. 

He  said  it’s  highly  likely  that 
the  NCCUSL  will  again  exam¬ 
ine  software  licensing  and 
computer  information  issues 
at  some  point,  but  not  in  the 
foreseeable  future.  ©  55437 


is  using  similar  technology 
from  Credant  to  encrypt  data 
on  more  than  600  mobile 
computers  used  by  its  field 
sales  force. 

The  decision  to  implement 
the  technology  was  driven  by 
concerns  about  theft  and  acci¬ 
dental  loss  of  data,  said  David 
Meunier,  CUNA  Mutual’s  chief 
information  security  officer. 

“The  one  thing  we  are  really 
trying  to  address  is  the  risk 
that  mobile  technologies, 
specifically  laptops,  present  to 
any  business,”  said  Meunier, 
who  is  now  looking  to  extend 
the  same  protection  to  enter¬ 
prise  handhelds. 

Despite  some  of  the  bene¬ 
fits,  there  are  caveats  as  well, 
users  said.  For  one  thing, 
products  from  companies 
such  as  Credant  and  Trust 
Digital  are  still  fairly  new  and 
relatively  untested,  Maib  said. 

“Encryption  is  not  a  silver 
bullet,”  Meunier  said.  “It  adds 
a  whole  realm  of  things  that 
you  need  to  start  thinking 
about.” 

For  example,  using  en¬ 
cryption  to  protect  data  — 
whether  full-disk  or  only  par¬ 
tial  encryption  —  can  also 
have  performance  implica¬ 
tions  and  require  greater  disk 
capacity  and  investment, 
Meunier  said.  ©  55434 


Users  Act  to  Encrypt  Mobile  Data 


NOTE:  Full  list  is  at  www.fairierms.org 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Fear,  Anger,  Distrust 

CAN  YOUR  USERS  CHANGE  when  it  comes  to  security? 
Yes,  probably.  At  least  that’s  what  two  surveys  that 
came  out  last  week  suggest.  The  Pew  Internet  &  Ameri¬ 
can  Life  Project  polled  1,300  Internet  users  about  spy- 
ware  and  related  problems  (the  results  are  online  at 
Pewinternet.org).  Meanwhile,  Computerworld.com  columnist  Larry 
Ponemon  reported  on  a  Ponemon  Institute  survey  of  400  people 
who  were  victims  of  a  personal  data  breach  [QuickLink  55301]. 

Neither  study  is  intended  to  be  about  changing  what  users  do.  But 
the  lessons  they  offer  in  that  line  are  pretty  compelling. 
Unfortunately,  you  may  not  much  like  those  lessons. 


See,  the  main  thing  that’s  clear  from  both 
studies  is  that  fear,  anger  and  distrust  are  what 
motivate  users  to  change.  In  the  Pew  survey, 

91%  of  users  said  fears  about  malware  have 
made  them  change  how  they  deal  with  e-mail, 
the  Web,  downloads  and  even  software  user 
agreements.  And,  according  to  the  Ponemon 
survey,  most  of  those  whose  personal  informa¬ 
tion  is  leaked  will  dump  the  bank,  credit  card 
or  other  company  that  exposed  their  data. 

So  users  will  change  —  if  they  get  afraid, 
angry  or  distrustful.  That  might  be  useful  in 
getting  them  to  stop  doing  risky,  insecure 
things.  But  only  if  you  make  sure  they’re  not 
afraid,  angry  or  distrustful  in  your  direction. 

So  threatening  them  with  punishment  for 
breaking  security  rules  won’t  work.  Neither  will 
trying  to  force  them  to  obey  or  lying  to  them. 

No  wonder  IT’s  standard  techniques  for  getting 
users  to  behave  always  fail.  They’re  exactly  the 
wrong  approach. 

Then  what  might  work?  Beyond  fear,  anger 
and  distrust,  there  are  some  other  useful  in¬ 
sights  to  be  gleaned  from  these  studies: 

■  Users  like  the  personal  touch.  According  to  the 
Ponemon  survey,  users  who  got  a 
phone  call  after  their  personal  data 
was  exposed  were  much  more  likely 
to  trust  the  company  than  were 
users  who  just  got  a  written  notice. 

Lesson  for  IT:  Memos  don’t  work. 

Personal  contact  is  expensive,  and 
lots  of  IT  people  could  use  some 
polish  on  their  people  skills.  But  if 
you  want  to  change  behavior,  you’ll 
need  to  do  it  one  on  one. 

■  Users  drag  their  feet,  but  they  want  a 
quick  response  from  others.  The  Pew 
survey  says  two-thirds  of  users  will 
wait  a  week  or  more  before  dealing 


with  a  suspected  spyware  infection,  and  20% 
will  never  deal  with  it.  But  the  Ponemon  results 
say  users  resent  any  delay  in  being  informed  of 
a  security  breach.  Lesson:  You  need  to  respond 
fast,  then  convey  that  urgency  to  users  so 
they’ll  call  you  as  soon  as  they  suspect  a  prob¬ 
lem  instead  of  letting  it  fester. 

■  Users  pass  the  buck.  Pew  says  users  often 
blame  friends  or  family  for  spyware  infections. 
(“Nope,  it’s  not  my  fault.”)  Lesson:  Never  mind 
the  blame  for  past  problems.  Focus  on  things 
that  “we”  —  meaning  users  and  IT  staffers  — 
can  do  to  avoid  this  problem  going  forward. 

■  Users  do  better  with  follow-ups.  In  fact,  Pone¬ 
mon  says  that  82%  of  users  expected  more  help 
than  they  got  after  their  data  was  exposed.  Les¬ 
son:  Don’t  do  just  enough.  Don’t  tell  them  just 
once.  Remind  them.  Repeat  the  message.  Then 
check  back  to  reinforce  it  with  a  positive  spin. 
(“Everything  working  OK?  Still  keeping  an  eye 
out  for  those  bad  e-mail  attachments?”) 

■  Finally,  users  want  more  information.  Really. 
Ponemon  says  67%  of  users  thought  the  infor¬ 
mation  they  got  after  a  security  breach  was 
incomplete  or  unreliable.  Pew  says  60%  of 

users  who  have  spywarelike  prob¬ 
lems  can’t  figure  out  what’s  wrong. 
Lesson:  Give  users  that  informa¬ 
tion.  Make  it  straight,  clear  and 
useful.  Ask  for  questions.  Make 
sure  users  understand  your  an¬ 
swers.  You  want  them  to  clearly 
grasp  security  threats  and  the  dam¬ 
age  they  can  do. 

After  all,  now  that  you  know  the 
strongest  motivators  of  change  for 
users,  you  want  their  fear,  anger 
and  distrust  aimed  squarely  at 
security  threats  —  where  they 
belong.  O  55415 


frank  hayes,  Computer- 
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nist.  has  covered  IT  for  more 
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franKhayes@computerwor1d.com. 


Six  the  Hard  Way 

There’s  a  big  plasma  screen  in  this  hospital  emergency 
room  that’s  used  as  a  tracking  board,  and  the  PC  it’s 
attached  to  is  in  a  nearby  closet  An  ER  nurse  watches 
as  IT  pilot  fish  pulls  the  mouse  through  the  doorway 
to  adjust  the  active  window  on  the  screen.  “We  didn’t 
know  that  the  mouse  cord  could  stretch  that  far,”  nurse 
tells  fish.  “Whenever  we  want  to  use  the  mouse,  we’ve 
used  two  people  -  one  moving  the  mouse  blindly,  the 
other  yelling  ‘right,*  ‘left,'  ‘up’  or  'down/ " 

Wfc.D°n;t  CU.DV  Backup 

5?±sa‘  SHARK 

This  IT  shop's  lANltT 

policy  is  to  dis¬ 
assemble  decommis¬ 
sioned  hard  drives  and 
physically  destroy  the 
drive  platters.  But  pitot 
fish  has  never  done  that 
to  a  laptop  drive  before. 

“Wanting  to  destroy  all 
the  data,  i  proceeded  to 
bend  the  disk  platter,” 
says  fish.  “If  was  only 
then  that  I  found  out  that 
St  was  made  of  glass.  It 
exploded  into  a  gazillion 
little  pieces,  each  smafi- 
er  than  a  grain  of  rice  Jt 
was  in  our  hair,  clothes 
and  desks  -  and  nine 

months  later,  m  still  find  j  administrative  j 
pisses  in  that  office  ”  !  asking  5 


lapped  to  back  up  his 
fifes  to  a  CD  in  case 
they're  needed.  But  fish 
can’t  find  them  on  the 
network,  and  they’re  no 
longer  on  ex-employee’s 
hard  drive,  either.  “Not 
to  worry  "  says  fish  after 
finally  finding  the  files. 
‘The  responsible  em¬ 
ploye©  was  very  thor¬ 
ough  at  saving  hss  data. 
To  floppies.  Fourteen 


\ 


r 


Dirk  Meyer 

President 
AMD  Microprocessor  Sector 


Sherry  Q,  Moore 


John  Fowler 


Sun  Solaris  >  Sun  Network  Systems 


Kernel  Engineer 


Group  EVP 


BethS.  Beasley 

Sun  X64 

Product  Manager 


Wall  Street  Financial  Analyst 


Marty  Seyer 

Vice  President 
AMD  Microprocessor  Sector 


:: 


Sharethe  fast  lane.  The  pace  of  modern-day  investing  can  boggle  the  mind.  And  overwhelm  the  data  center.  So  Sun  and  AMD  are  working 
on  faster,  next-generation  systems  for  Wall  Street.  Benchmarks  show  that  Sun  Fire™  V40z  servers,  employing  Dual-Core  AMD  Opteron' 
processors,  deliver  world  record  performance.1  And  dual-core  processing  helps  save  money,  too.  How  much?  About  $2  million  a  year  in 
power,  costs  alone?  That's  what  financial  firms  call  a  smart  investment.  The  performance  is  the  asset.  The  network  is  the  computer,"  Share. 


Sun 


share 


microsystems 

,  #  .  t .  f 

--•»  _  . '  •*  F  & 

r  *  * 

jl)  For  a  complete  fist  of  results  visit:  http://www.sw.com/v40z/Senchmerks.ht1hi  (2J  Based 


/  averaqe.cost  per  kWh  of  1 1  cants  (or  a  data  center  with  x.ooo  Sun  Fne’  Vaoz  servers  each  \vj’f»4  Du.U-Cors  «WD  Optr*on*  (,rx*s»>0’S. 

i  \ 

•  «  •  7  *  •  l  • 


1 . 

L 


m 


Oracle  Database 


World's  #1  Database 


|s/oW 

A 


For  Small  Business 


Easy  to  use.  Easy  to  manage. 
Only  $149  per  user. 


oracle.com/standardedition 
or  call  1.800.633.0753 


Terms,  conditions,  and  limitations  apply.  Pricing,  specifications,  availability  and  terms  of  offers  may  change  without  notice.  Taxes,  fees  and  shipping  charges 
extra,  vary  and  are  not  subject  to  discount.  Oracle  Database  Standard  Edition  One  is  available  with  Named  User  Plus  licensing  at  $149  per  user 
with  a  minimum  of  five  users  or  $4995  per  processor.  Licensing  of  Oracle  Standard  Edition  One  is  permitted  only  on  servers 
that  have  a  maximum  capacity  of  2  CPUs  per  server.  For  more  information,  visit  oracle.com/standardedition 

Copyright  ©  2005,  Oracle.  Oracle,  JD  Edwards,  PeopleSoft  and  Retek  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates. 

Other  names  may  be  trademarks  of  their  respective  owners. 


